
Cerber Ransomware Support and Help Topic - CRBR Encryptor


1904 replies to this topic

#31 Gomez123


Posted 19 March 2016 - 08:10 AM

yeah. but that does not really answer my questions.

that's all I can do? wait?

does anybody know how to get it from the computer for now? without installing some cleaning software like shadowhunter4?

those are all programs that cost money and have to be registered first. I can't even clean it from the computer.

any solutions? manual clean? or some freeware that works?


Edited by Gomez123, 19 March 2016 - 08:15 AM.



#32 quietman7


Posted 19 March 2016 - 08:21 AM

Crypto malware ransomware is typically programmed to automatically remove itself...the malicious files responsible for the infection...after the encrypting is done since they are no longer needed. Unfortunately, most victims do not realize they have been infected until the ransomware displays the ransom note and the files have already been encrypted. As such, they don't know how long the malware was on the system before being alerted or if other malware was installed along with the ransomware. If other malware was involved it could still be present so be sure to perform full scans with your anti-virus.

If your antivirus did not detect and remove anything, additional scans should be performed with other security programs like Malwarebytes Anti-Malware and Emsisoft Anti-Malware. You can also supplement your anti-virus or get a second opinion by performing an Online Virus Scan...ESET is one of the more effective online scanners.

If you need individual assistance only with removing the malware infection, follow the instructions in the Malware Removal and Log Section Preparation Guide...all other questions or comments should be posted in the support topics. When you have done that, start a new topic and post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.
Microsoft MVP Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#33 Gomez123


Posted 19 March 2016 - 08:30 AM

I am new here. and I will read this again and try to follow the steps that you have listed in the guide. but are there free programs among the ones you have listed, that will remove cerber completely? which one does it? most of them cost money for full versions.

and what do you think about paying the money for the decrypter to the hackers. did someone have experience with that? could this possibly work, or do you just pay your money and don't get the file, that can make your files work again?

you have to pay with bitcoins, and I am asking myself, how they should contact, link me, or give me a follow to the fix file, if I am not really connected with them? I don't even know where they could send me this fix after payment. If I would pay them 500 dollars in bitcoins, they just would get it. But how would they see who paid it and how could they respond and contact me to send me the cerber decrypter? how does this work?

ESET didn't find a virus. just found the mass .vbs files. what are they? I think those were the voice mails that popped up regularly, if you opened a folder. the voice who tells you that your computer is infected and you should buy this xy. malwarebytes just found two little registry things.

will these be enough to remove it? or should I still follow the listed steps and create and post my logs?

and how long do you guys think somebody has to wait until there will be a decrypt tool or fix for this online? months? years?

I did not backup my files before. I wish I had done it. ok I did it. but the hard drive was connected too at the moment. it was not offline. so they damaged even my second data disk too.

is there any option to get the files working back?

I did no restore point on my system. but are there any programs or something like that, which still can backup files in hidden ways, or backups that the system or hard drive does automatically?


Edited by Gomez123, 19 March 2016 - 01:11 PM.


#34 quietman7


Posted 19 March 2016 - 01:42 PM

Both Malwarebytes Anti-Malware and Emsisoft Anti-Malware offer free versions which will scan and remove malware. Online Virus Scanners are also free.

Most crypto malware typically deletes all shadow copy snapshots (created if System Restore was enabled) with vssadmin.exe so that you cannot restore your files from before they had been encrypted using native Windows Previous Versions or a program like Shadow Explorer...but it never hurts to try in case the infection did not do what it was supposed to do. It is not uncommon for these infections to sometimes fail to properly delete Shadow Volume Copies.

In some cases the use of file recovery software such as R-Studio or Photorec may be helpful to recover some of your original files but there is no guarantee that will work.

Most security experts will advise against paying the ransom demands of the malware writers because doing so only helps to finance their criminal enterprise and keep them in business. The more people pay the ransom, the more the attackers are encouraged to keep creating ransomware for financial gain. Further, there is no guarantee that paying the ransom will actually result in the restoration (decryption) of your files. And since ransomware can be responsible for dual infections that means paying both ransoms in order to decrypt data. Decreasing your chances for recovering data with dual infections is that files may get encrypted multiple times, especially if the victim had tried to fix the files by renaming them first while the malware was still active...resulting in further problems and complicating possible decryption.

Grinler, (aka Lawrence Abrams), the site owner of Bleeping Computer has said this...

...Though the loss of your data and computer can be devastating, sending the ransom could be even more so. Depending on how the criminals want you to pay the ransom could put you at risk for Identity Theft as the information you send may contain personal information. Therefore, we suggest that you never pay a ransom unless it is absolutely necessary for data recovery...Last, but not least, it is important to remember that paying the ransom only continues to fuel the release of new variants of these types of programs.

Since many victims know there is no guarantee with paying the ransom, some ransomware developers and Hackers are now offering customer support and live Support Chat to help with decryption. Then the question becomes....should I trust that support?

With that said...We understand some folks may feel they have no other alternative but to take a chance and pay the ransom in hopes of recovering irreplaceable photos and other personal or important data. That is a choice and a decision each affected victim will have to make for themselves. We will not make any judgments for doing so.
Microsoft MVP Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
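
Added example, not part of quietman7's post or of the thread: a read-only PowerShell check of whether any shadow copy survived and predates the infection, which is the "it never hurts to try" step described above. It assumes PowerShell 3.0 or later in an elevated prompt; `$InfectionTime` and the function name `Get-SurvivingShadowCopy` are constructed for illustration.

```powershell
# Added example, not from the thread. Read-only: it lists snapshots, changes nothing.
# Assumes PowerShell 3.0+ and an elevated (Run as administrator) prompt.

# Constructed placeholder: set this to when the ransom note first appeared.
$InfectionTime = [datetime]'2016-03-19 08:00'

function Get-SurvivingShadowCopy {
    param([datetime]$Before)

    # Win32_ShadowCopy.VolumeName is a volume GUID path (\\?\Volume{...}\);
    # map it to a drive letter through Win32_Volume.DeviceID.
    $driveOf = @{}
    Get-CimInstance -ClassName Win32_Volume |
        ForEach-Object { $driveOf[$_.DeviceID] = $_.DriveLetter }

    Get-CimInstance -ClassName Win32_ShadowCopy |
        Sort-Object -Property InstallDate |
        ForEach-Object {
            [pscustomobject]@{
                Drive        = $driveOf[$_.VolumeName]
                Created      = $_.InstallDate
                # Only a snapshot taken before encryption holds clean files.
                PreInfection = $_.InstallDate -lt $Before
                DeviceObject = $_.DeviceObject
            }
        }
}

$copies = @(Get-SurvivingShadowCopy -Before $InfectionTime)
$usable = @($copies | Where-Object { $_.PreInfection })

if ($copies.Count -eq 0) {
    'No shadow copies exist: System Restore was off, or they were deleted.'
} elseif ($usable.Count -eq 0) {
    'Shadow copies exist, but all were created after the infection time.'
    $copies | Format-Table -AutoSize
} else {
    '{0} shadow copy(ies) predate the infection:' -f $usable.Count
    $usable | Format-Table -AutoSize
}
```

A copy flagged `PreInfection` can then be browsed with Previous Versions or Shadow Explorer, the tools named in the post above.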

#35 Gomez123


Posted 19 March 2016 - 04:18 PM

ty for your response.

I totally get what you mean...

I would never choose to support those pple or pay them money. but at the moment I feel like I even have to try it, because I can't find an actual solution, which could decrypt my files to make them work again.

the .cerber support and guarantee for decrypting the files does not look huge on paper. I don't know if they even have support.

My only hope is, that they can decrypt my whole files properly, because they were the pple, who have made this mess. It's true, I don't want to damage the files with some rename tries or multiple decrypts.

but at the moment, I can't really see another solution. Just to try it out. My thought is that this should fix and work out. and then never comes back. I know I would never leave my files again without a safe backup on a disconnected hard drive.

It's like you said. there is no guarantee for decrypting and recovering the files. but I think with a random software the chances will be not better. I tried to check my copies out with Shadow Explorer. the program could not even read something out. the full file section is empty. don't know if deleted or something buggy with the program.

----

and wow. that is really sad. the first story where he paid the money and his files did not work after the decryption. he could not open them correctly. that is sad to hear.

could a fix or user based decrypt program do that better in the future?

and what do you mean with "R-Studio or Photorec may be helpful to recover some of your original files but there is no guarantee that will work"?

how do you mean the "recover"? the files are there, or not? just encrypted. will this recover deleted files, that were damaged and lost, or just recover old original files like they were before the encryption? how should this work, if there are no backup files anymore?

----

I don't think that I got dual infections. or how do you mean it? It's the first time that I got this ransomware infection. and every file ends with .cerber - I haven't done any manual changes with the files.

---

I don't agree that there will be less infections on the internet, when I try to not pay them or recover my files. I felt that the only protection against this, is the knowledge and the preparation and backup of your own files. and to share this information and solutions with others. if I rly had known, what a huge virus makes a round here, and how easy this is to get, I would have prepared myself alrdy and done a safe backup on my hard drive. everything was fine, so I did not think about it.

strange. the last guy said that it is nearly impossible to decrypt files by ransomware. so how even dodge the payment, if there is no other possible solution? if the files are really important to you and you have no backup available? If you need the files to work with it. you will pay. and they know it. that's the sad thing about this whole criminal set.

I never saw such a bleep before. my full computer is unusable now. because all my work and what I have done here, is based on the data files. just unbelievable.

Keep your head up for possible solutions. I appreciate it.

add: the GPcode encrypted files is from 2008. this outdated tool won't work with .cerber crypts or? or does this work the same way?

I also tried the recover tools like R-Studio. but this won't work. the files to recover or copy are all full .cerber endings.

how does shadow copy work exactly? do I need to do a manual Windows backup or reset point, to get shadow copy files on my computer? because I haven't done any. or are shadow copies made frequently automatically, so I can use them later?

In that case, could I recover the needed shadow copy files with a tool like listed on top?

and what can the data recovery programs actually do, when I have made no shadow copies? can the programs just detect my full hdd database from previous days? or how does it work?

plz help


Edited by Gomez123, 20 March 2016 - 09:29 AM.


#36 Gomez123


Posted 19 March 2016 - 05:57 PM

one question. what's your opinion about it?

http://www.bleepingcomputer.com/news/security/the-cerber-ransomware-not-only-encrypts-your-data-but-also-speaks-to-you/

at the bottom of the link. there were posted the two pictures, how the cerber webpage looks, where you have to pay the money and follow the instructions.

simple question. is this a live updated working homepage for transactions? means. will there something pop up, or even can it, when you would pay? does the bitcoin value change and there pops up the link with the tool, after it reaches the listed coin number. or someone has to do this manually and contact you? because the page looks like a script.

is it just a program that was started with a clock timer, that runs down? means a dead page, that won't be updated, no matter if you pay or not. I can't rly see if this is just a fake, to make money, or if they really give some decrypt key + including software on the bottom side of the page, to fix it, after payment.

you get what I mean?

means. if you pay, will there on the bottom side of the homepage be a change, that the money came in? followed by a download link? I think about how this is built up. if you pay, there comes on bottom a new link where you could download the decrypter? or is it just a blind homepage, where nothing happens? that has nothing to do with a payment?

I thought about sending something very low. like 0.001 coin or something, to check out if this homepage is created to really give u the cerber decryptor software, or it's just an illusion, that was written before and now runs on auto. something to hold on the payment details, but not to interact with the customer, when he paid.

is it just a script that was created for your own computer with your own created link code, that will be updated, if the coin value changes? the thing is. if that would be so, how would this generated homepage even know, if YOU paid there the 500€ - over a different coin site? because on the coin site, there will just be shown how many coins they receive, and from whom (username). nothing more. how can this site or the crooks even know, who of the guys paid this value? because I can't find the connection between these types.

what do you think? the cerber site looks very unprofessional, compared to the other decrypt sites we saw before? no real support or functions.

I am also interested in who already paid that on cerber. if someone had done it, he could tell others what happened, and share his experience or warn them to not purchase, no matter what. if it did not work like described. some pple just had done it. or they rly would have made zero payment. and if someone alrdy paid for this, why did he not share this info around the internet? that would be important and useful.


Edited by Gomez123, 20 March 2016 - 09:08 AM.


#37 jelohuk


Posted 20 March 2016 - 09:57 AM

Decoding files ".CERBER"

Title: Cerber Ransomware - Decryptor



#38 Gomez123


Posted 20 March 2016 - 10:05 AM

Video has been deleted instantly?

did a Russian hacker create an account just to trollpost this?


Edited by Gomez123, 20 March 2016 - 10:19 AM.


#39 jelohuk


Posted 20 March 2016 - 11:01 AM

Russian hacker - u joke?

upload from dark forum

 



#40 cybercynic


Posted 20 March 2016 - 11:02 AM

What about that, Jelohuk? I see that the YouTube account has been terminated. Have you been a bad boy?

We are drowning in information - and starving for wisdom.


#41 cybercynic


Posted 20 March 2016 - 11:11 AM

Russian hacker - u joke?
upload from dark forum


I see that the extortionists are producing their own advertising videos now.

We are drowning in information - and starving for wisdom.


#42 Gomez123


Posted 20 March 2016 - 11:21 AM

funny. and how do we see, if the payment calculator on the bottom side changes its value? how can we know, that if we pay from another bitcoin site, that something will change when we go to your website?

there is a 5 second freeze in the video, when it comes to the payment change. and you did not show that part on the bottom side, where something like the bitcoin value, that was paid, really went into.

and you just opened image files and one word.doc

what about all other types of files, like videos, scripts, or something bleep else? something like game based data. how can we know, that they will work properly again, if you get paid?

your system in the video is very empty. nothing huge or complex there. you just created some easy files with the same name. the encoder can maybe fail or get errors, on other based file endings?

who are you? are you the hacker, or just a victim that uploaded a vid that worked?

what dark forum?


Edited by Gomez123, 20 March 2016 - 11:44 AM.


#43 Gomez123


Posted 20 March 2016 - 11:48 AM

this guy also shows how cerber works, and is very proud of it:

https://www.youtube.com/watch?v=J1WNpFIVXGs

https://www.youtube.com/watch?v=eYCq4WYBg4I

who is this jelohuk? the hacker who wants to be anonymous?


Edited by Gomez123, 20 March 2016 - 11:50 AM.


#44 44res


Posted 21 March 2016 - 01:13 PM

How can I kill the virus? It keeps encrypting anything I download or have on my PC.



#45 r1co


Posted 21 March 2016 - 07:14 PM

Hi guys, I got infected today, I lost all my photos... I'm searching for a way to decrypt the .cerber files. Cannot restore to a previous version...

Is there a way to get them decrypted or must I pay those bxxxxxrd ? :(





