I have a long-term objective to decrypt the .cerber virus files - pls join me.


  • This topic is locked
3 replies to this topic

#1 PetarSickey

Posted 05 July 2016 - 08:55 AM

Hi, I'm a recent .cerber victim.  I had backups of some files, but I chose NOT to back up my photos and videos, so I lost a good bit of those.  Panda unransom has so far failed in normal and advanced mode.  It has a key listed in the combo box dropdown which is probably wrong.  I will need to investigate how to seed with a different key.  There IS probably a way to do this.  ShadowCopy, Disk Drill, these are not tools likely to get your files back to you unless in the case of ShadowCopy, you've made a backup.  I don't believe that the footprint of the original files is there in the case of Cerber.  But hear me out, I have not PROVEN that the files are not there.  Disk Drill found a bunch of files, but in no case has Disk Drill restored any files.  It makes it look like it will, and then fails.  So here's my objective - it is to collect information on a case by case basis, so we can further our understanding.  It is absolutely essential to hear each user's experience.  I am calling myself User #1.  I would call out to other users to help out in this manner.  So here's my story.

 

1) Panda unransom has not helped.  The error is often: [ERROR]: Key size-block doesn't match.

2) Disk Drill has not worked and has given me false hopes, by restoring files which are unopenable by the tools that should be able to open them, eg. a bitmap or jpg reader.  I am not giving up, just saying no success yet.  It is a file recovery tool, and not a decryptor.

3) So far, I have not had success with Panda, Disk Drill, nor Puran.  Disk Drill found 71,000+ files, and rebuilt over a thousand right away, but I cannot confirm that any are correctly re-assembled, although I am still working with Disk Drill.  NOTE: TRY TO RESTORE TO A DIFFERENT VOLUME SO YOU MINIMIZE THE WRITES TO THE AFFECTED DRIVES.  This might be hard for some people, you may only have a C: drive.  Just try to get an external drive installed somehow.  A DVD/CD won't do with most tools.  Perhaps there are one or two that can write to a DVD/CD.  I don't know yet.

 

I will keep searching for more tools, and try to add to our knowledge base.  I would NOT be averse to pleading with the man who created the virus that we would give him immunity to prosecution if he tells us what's going on.  However, it might be a wider conspiracy of a rich man or corporation paying someone to ruin people's photos and videos and programming projects.  I feel that's what it is.  It is then not someone I feel who was persecuted and got even with society.

 

If you have not been infected with this virus, you cannot imagine the damage it has done, nor can I, honestly, imagine the anger that may reside in the person who designed this malware/trojan/ransomware.  Maybe they were molested by a priest or something.  I don't know their story.  So let's please find the websites that it came from.  I have my browsing history and may be able to figure that out.  I'm not sure.  Please help further the understanding of this virus, either by pleading or our own outside research, which will be difficult.

 

Lastly, I don't know if it's eastern-bloc/Russian, or whatever, it could be a pretext of that.  However, some people may KNOW more about who it is.  Please trust them as they may know more.

 

I joined the Panda Security Forum but so far, have been unable to post.

Thank you.


Edited by PetarSickey, 05 July 2016 - 09:08 AM.
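Added example, not part of the original post: one way to check whether files produced by a recovery tool are plausibly intact images or still look like ciphertext, using the standard JPEG and BMP file signatures plus a byte-entropy measure. The 7.9 bits/byte threshold, the function names and the sample files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter

# Standard file signatures for the two formats the post mentions.
MAGIC = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff", ".bmp": b"BM"}
ENTROPY_LIMIT = 7.9  # assumed threshold (bits/byte) for "looks encrypted"

def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path, sample=65536):
    """Return 'ok', 'bad-header', 'likely-encrypted' or 'unknown-type'."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in MAGIC:
        return "unknown-type"
    with open(path, "rb") as fh:  # read-only: nothing is written to the drive
        data = fh.read(sample)
    if data.startswith(MAGIC[ext]):
        return "ok"  # header plausible; the rest of the file is not validated
    if entropy(data) >= ENTROPY_LIMIT:
        return "likely-encrypted"
    return "bad-header"

def triage(root):
    """Walk root and map each file path to its classification."""
    return {os.path.join(d, f): classify(os.path.join(d, f))
            for d, _, files in os.walk(root) for f in files}

def demo():
    """Constructed sample files standing in for a recovery output folder."""
    tmp = tempfile.mkdtemp()
    samples = {
        "photo.jpg": b"\xff\xd8\xff\xe0" + bytes(200),  # valid JPEG signature
        "scan.bmp": bytes(range(256)) * 256,  # uniform bytes mimic ciphertext
        "old.jpg": b"\x00" * 4096,            # zero-filled, wrongly reassembled
    }
    for name, blob in samples.items():
        with open(os.path.join(tmp, name), "wb") as fh:
            fh.write(blob)
    return {os.path.basename(p): v for p, v in triage(tmp).items()}

if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{verdict:17} {name}")
```

Point `triage()` at the folder on the separate volume where the recovery tool wrote its output; an "ok" verdict means only that the first bytes match the format, not that the whole image is intact.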




#2 BaronCardinal


Posted 05 July 2016 - 10:28 AM

It looks like there is a focusing page also as a heads up

http://www.bleepingcomputer.com/forums/t/606583/cerber-ransomware-support-and-help-topic-decrypt-my-files-htmltxtvbs/

 

if you haven't seen it.


Edited by BaronCardinal, 05 July 2016 - 10:31 AM.


#3 cybercynic


Posted 05 July 2016 - 10:47 AM

For starters, you could stop using Panda Unransom. This is an old program that dates back to 2012. In 2013, the 'latest' version was 0.0.0.35. The version I just downloaded was 0.0.0.35. The program hasn't been updated in years and won't decrypt Cerber. (per Blooddolly, one of the analysts/experts here at the Bleep, who knows much more about Cerber than you or I.)

 

You talk about the anger of the ransomware designer. Where did  you get that? These ransomwares are the tools of criminal enterprises to make money, lots of it. And they are doing so. The "profit" potential is staggering.

 

There are many more ransomwares out there than just Cerber. Locky, CryptXXX and several others are raking in the dough, and creating misery for many.


Edited by cybercynic, 05 July 2016 - 11:15 AM.

We are drowning in information - and starving for wisdom.


#4 quietman7


  • Global Moderator

Posted 05 July 2016 - 04:31 PM

Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in the Cerber Ransomware Support Topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators



