Hi, I'm a recent .cerber victim. I had backups of some files, but I chose NOT to backup my photos and videos, so I lost a good bit of those. Panda unransom has so far failed in normal and advanced mode. It has a key listed in the combo box dropdown which is probably wrong. I will need to investigate how to seed with a different key. There IS probably a way to do this. ShadowCopy, Disk Drill, these are not tools likely to get your files back to you unless in the case of ShadowCopy, you've made a backup. I don't believe that the footprint of the original files is there in the case of Cerber. But hear me out, I have not PROVEN that the files are not there. Disk Drill found a bunch of files, but in no case, has Disk Drill restored any files. It makes it look like it will, and then fails. So here's my objective - it is to collect information on a case by case basis, so we can further our understanding. It is absloutely essential to hear each user's experience. I am calling myself User #1. I would call out to other users to help out in this manner. So here's my story.
1) Panda unransom has not helped. The error is often: [ERROR]: Key size-block doesn't match.
2) Disk Drill has not worked and has given me false hopes, by restoring files which are unopenable by the tools that should be able
to open them, eg. a bitmap or jpg reader. I am not giving up, just saying no success yet. It is a file recovery tool, and not a decryptor
3) So so far, I have not had success with Panda, Disk Drill, nor Puran. Disk Drill found 71,000+ files, and rebuilt over a thousand right away, but
I cannot confirm that any are correctly re-assembled, although I am still working with Disk Drill. NOTE: TRY TO RESTORE TO A DIFFERENT
VOLUME SO YOU MIMINIZE THE WRITES TO THE AFFECTED DRIVES. This might be hard for some people, you may only have
a C: drive. Just try to get an external drive installed somehow.. A DVD/CD won't do with most tools. Perhaps there is one or two that
can write to a DVD/CD. I don't know yet.
I will keep searching for more tools, and try to add to our knowledge base. I would NOT be adverse to pleading with the man who created the virus
that we would give him immunity to prosecution if he tells us what's going on. However, it might be a wider consipracy of a rich man or corporation
paying someone to ruin peoples photos and videos and programming projects. I feel that's what it is. It is then not someone I feel who was
persecuted and got even with sociiety.
If you have not been infectted with this virus, you cannot imagine the damage it has done, nor can I, honestly imagine the anger that may reside
in the person who designed this malware/trojan/ransomware. Maybe they were molested by a priest or something. I don't know their story.
So let's please find the websites that it came from. I have my browsing history and may be able to figure that out. I'm not sure.
Please help further the understanding of this virus, either by pleading or our own outside research, which will be difficult.
Lastly, I don't know if it's eastern-bloc/Russian, or whatever, it could be a pretext of that. However, some people may KNOW more
about who it is. Please trust them as they may know more.
I joined the Panda Security Forum but so far, have been unable to post.
Edited by PetarSickey, 05 July 2016 - 09:08 AM.