
Hello Guys,

 

I got infected by Cerber ransomware 4.0 2 weeks ago. The problem here is that I don't have any backup, and I have used a lot of recovery tools. Is there a way of decrypting? Can anyone help me? The problem is that inside the files most of the hex values have all changed because of the encryption.

https://linustechtips.com/topic/682402-ransomeware-cerber-virus/

If you hand over money there is no guarantee you will get your data back. Learnt your lesson about backup the hard way. Sorry, you will likely need military/state level supercomputers to decrypt your data.

             ☼

ψ ︿_____︿_ψ_   

https://linustechtips.com/topic/682402-ransomeware-cerber-virus/#findComment-8772806

There is no decryptor for Cerber anymore as the exploit used in the tool was patched. The only way to recover your files is if you have a restore point or shadow volume copy. You want to properly remove the virus beforehand though, or else it will just re-encrypt your drive. More information about it here: http://www.virusresearch.org/remove-cerber-4-0-3-ransomware/

13 minutes ago, DELTAprime said:

You could hope if you hand over the money they decrypt your files, otherwise you're SOL.

 

16 minutes ago, SCHISCHKA said:

If you hand over money there is no guarantee you will get your data back. Learnt your lesson about backup the hard way. Sorry, you will likely need military/state level supercomputers to decrypt your data.

For ransomware to be profitable, it is reliant on the creators to give the decryption key when paid. If they didn't do that, they wouldn't make any money as the grand majority of people would know that they wouldn't get their data back and thus would not pay them.

[Out-of-date] Want to learn how to make your own custom Windows 10 image?

 

Desktop: AMD R9 3900X | ASUS ROG Strix X570-F | Radeon RX 5700 XT | EVGA GTX 1080 SC | 32GB Trident Z Neo 3600MHz | 1TB 970 EVO | 256GB 840 EVO | 960GB Corsair Force LE | EVGA G2 850W | Phanteks P400S

Laptop: Intel M-5Y10c | Intel HD Graphics | 8GB RAM | 250GB Micron SSD | Asus UX305FA

Server 01: Intel Xeon D 1541 | ASRock Rack D1541D4I-2L2T | 32GB Hynix ECC DDR4 | 4x8TB Western Digital HDDs | 32TB Raw 16TB Usable

Server 02: Intel i7 7700K | Gigabyte Z170N Gaming5 | 16GB Trident Z 3200MHz

https://linustechtips.com/topic/682402-ransomeware-cerber-virus/#findComment-8772847
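
An added example, not part of any post in this thread: a read-only PowerShell check of whether any shadow copy on the machine predates the encryption, which is the recovery path named in the post above. The `$Root` path is an assumption, the `9a81` default is the per-machine extension the original poster reports later in the thread, and the earliest last-write time of the renamed files is assumed to approximate when encryption began.

```powershell
# Added example (not from the thread). Read-only: it lists, it does not restore.
# Run from an elevated prompt; Win32_ShadowCopy is not readable otherwise.
param(
    [string]$Root      = "$env:USERPROFILE\Documents",  # assumption: folder to sample
    [string]$Extension = '9a81'                          # extension reported in the thread
)

# Files carrying the ransomware's extension under the sampled folder.
$encrypted = Get-ChildItem -Path $Root -Recurse -File -Filter "*.$Extension" `
    -ErrorAction SilentlyContinue
if (-not $encrypted) {
    Write-Output "No *.$Extension files found under $Root"
    return
}

# Assumption: the earliest last-write time marks the start of encryption.
$firstHit = ($encrypted | Sort-Object LastWriteTime |
    Select-Object -First 1).LastWriteTime
Write-Output "Earliest encrypted file written: $firstHit"

# Enumerate existing shadow copies, oldest first.
$shadows = Get-CimInstance -ClassName Win32_ShadowCopy | Sort-Object InstallDate
if (-not $shadows) {
    # Assumption: the copies may have been removed by the malware or aged out.
    Write-Output 'No shadow copies exist on this machine.'
    return
}

# Only copies created before the first encrypted write can hold clean versions.
$shadows | ForEach-Object {
    [pscustomobject]@{
        Created            = $_.InstallDate
        Volume             = $_.VolumeName
        Device             = $_.DeviceObject
        PredatesEncryption = ($_.InstallDate -lt $firstHit)
    }
} | Format-Table -AutoSize
```

As the post says, remove the malware before restoring anything from a copy flagged `PredatesEncryption`, or the restored files can be encrypted again.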

6 minutes ago, DeadEyePsycho said:

For ransomware to be profitable, it is reliant on the creators to give the decryption key when paid. If they didn't do that, they wouldn't make any money as the grand majority of people would know that they wouldn't get their data back and thus would not pay them.

Do they take payment in bitcoin and are anonymous? There is no guarantee they will do as promised. Does the person from Microsoft who calls you to tell you that you have a virus actually fix your computer? Nah, I reckon they'd string you along and keep re-infecting you every couple of months.

https://linustechtips.com/topic/682402-ransomeware-cerber-virus/#findComment-8772874

7 minutes ago, SCHISCHKA said:

Do they take payment in bitcoin and are anonymous? There is no guarantee they will do as promised

Their business model is reliant on them being reliable. Yes, there is no guarantee, but the big ransomware makers are more likely to be reliable since they put so much effort into their viruses.

https://linustechtips.com/topic/682402-ransomeware-cerber-virus/#findComment-8772890

2 minutes ago, DeadEyePsycho said:

Their business model is reliant on them being reliable. Yes, there is no guarantee, but the big ransomware makers are more likely to be reliable since they put so much effort into their viruses.

Their business only relies on people not having backups and being so desperate to get their money back they will pay anything. $300 this week, $400 next week.... the more desperate you are the more they will string you along. Please don't encourage people to hand over money to scammers & criminals.

You're talking about reliability, that requires having a reputation, being a household name or famous/well known in some way.

https://blog.malwarebytes.com/threat-analysis/2016/03/cerber-ransomware-new-but-mature/

"Cerber is sold to distributors on underground Russian forums."

What reputation do you see here that would have you trust the criminals who are blackmailing you?

And why is @DeadEyePsycho from the University Learning Cyber Security making claims you can trust ransomware distributors?

- that's not suspicious at all.

If you give a monetary reward to criminals you are funding the attack of their next victim. That is their business model; you paying them money!!!

If you pay them money I will bet that they will hit you again. Get a proper backup solution, and don't put yourself on their call back list.

https://linustechtips.com/topic/682402-ransomeware-cerber-virus/#findComment-8772949

27 minutes ago, SCHISCHKA said:

Their business only relies on people not having backups and being so desperate to get their money back they will pay anything. $300 this week, $400 next week.... the more desperate you are the more they will string you along. Please don't encourage people to hand over money to scammers & criminals.

You're talking about reliability, that requires having a reputation, being a household name or famous/well known in some way.

https://blog.malwarebytes.com/threat-analysis/2016/03/cerber-ransomware-new-but-mature/

"Cerber is sold to distributors on underground Russian forums."

What reputation do you see here that would have you trust the criminals who are blackmailing you?

And why is @DeadEyePsycho from the University Learning Cyber Security making claims you can trust ransomware distributors?

- that's not suspicious at all.

If you give a monetary reward to criminals you are funding the attack of their next victim. That is their business model; you paying them money!!!

If you pay them money I will bet that they will hit you again. Get a proper backup solution, and don't put yourself on their call back list.

Not once did I say to pay them. All I did was give information about how ransomware works. I never encourage people to pay them but I will not withhold information. I'm not responsible for what people do with the knowledge gained and I'm not going to shelter them. If you would like to have a civil discussion about it, feel free to leave a rational reply. Unfortunately, I doubt that will be the case due to you insinuating that I have malicious intent. Something you should know is that white hats and black hats have the same set of skills but what they choose to do with their knowledge is what sets them apart.

 

https://linustechtips.com/topic/682402-ransomeware-cerber-virus/#findComment-8773013

16 minutes ago, DeadEyePsycho said:

Something you should know is that white hats and black hats have the same set of skills but what they choose to do with their knowledge is what sets them apart.

Excellent point. 

Yes, it's 2871 as in the year 2871. I traveled all this way, back in time, just to help you. And you thought your mama lied when she said you were special-_-

https://linustechtips.com/topic/682402-ransomeware-cerber-virus/#findComment-8773051

40 minutes ago, SCHISCHKA said:

Their business only relies on people not having backups and being so desperate to get their money back they will pay anything. $300 this week, $400 next week.... the more desperate you are the more they will string you along. Please don't encourage people to hand over money to scammers & criminals.

You're talking about reliability, that requires having a reputation, being a household name or famous/well known in some way.

https://blog.malwarebytes.com/threat-analysis/2016/03/cerber-ransomware-new-but-mature/

"Cerber is sold to distributors on underground Russian forums."

What reputation do you see here that would have you trust the criminals who are blackmailing you?

And why is @DeadEyePsycho from the University Learning Cyber Security making claims you can trust ransomware distributors?

- that's not suspicious at all.

If you give a monetary reward to criminals you are funding the attack of their next victim. That is their business model; you paying them money!!!

If you pay them money I will bet that they will hit you again. Get a proper backup solution, and don't put yourself on their call back list.

Apparently Hollywood Presbyterian would beg to differ. 

https://linustechtips.com/topic/682402-ransomeware-cerber-virus/#findComment-8773059

30 minutes ago, DeadEyePsycho said:

feel free to leave a rational reply

You say big virus makers are going to be more reliable, but I do not see that. I see an effective infection tool distributed anonymously and being funded anonymously. That is my rationale, the anonymity protects the infector and removes any reliability. I do not know where you learnt this. Scammers have proven over and over again they will milk their victims completely dry without any intention of delivering on their promises. My other rationale is that if you do pay them you will be on their list of people willing to pay and you are more likely to get targeted again. Scammers are not brand name entities that depend on trust & reputation to get repeat business.

Ransomware works by drive-by downloads and dodgy email links to a victim who is unprepared for a data loss; this is their business model - not reputation.

 

28 minutes ago, Xanthe_2871 said:

Apparently Hollywood Presbyterian would beg to differ. 

That article doesn't deliver much information. I'm quite amazed they were able to get so many bitcoins in such a short amount of time. There's better stuff on Google Scholar for cyber security in healthcare. Hospitals are unfortunately a rewarding ransom target, considering people's lives are in danger.

https://linustechtips.com/topic/682402-ransomeware-cerber-virus/#findComment-8773126

Agree with you guys. The problem is I have over 3 TB of hard work on my PC from over 4-5 years. If I fund them there is a high chance they will target me hard again, and they know what they are doing. The only solution is to wait! They will make a mistake, they will get caught, and white hat hackers will then make a decryption tool. Then why did the original founders sell their work to people? They had enough money?? No, they know they will get caught and they will face more than 10 years in prison. They are people like us, "people make mistakes".

I will not pay these scums, I will wait!

That's all I have right now.

https://linustechtips.com/topic/682402-ransomeware-cerber-virus/#findComment-8773392

@DeadEyePsycho quick question if you don't mind: the Cerber ransomware 4.0 makes a random extension for every PC, like on my PC it is 9a81 for all files, and on another PC I think it differs. Does the decryptor tool work for all extensions, or do they have a decrypt program for every extension they make?

https://linustechtips.com/topic/682402-ransomeware-cerber-virus/#findComment-8773399

7 hours ago, Abdullatif said:

@DeadEyePsycho quick question if you don't mind: the Cerber ransomware 4.0 makes a random extension for every PC, like on my PC it is 9a81 for all files, and on another PC I think it differs. Does the decryptor tool work for all extensions, or do they have a decrypt program for every extension they make?

The tool doesn't work at all anymore is what I said. Not that it works partially.

https://linustechtips.com/topic/682402-ransomeware-cerber-virus/#findComment-8774852

10 hours ago, SCHISCHKA said:

You say big virus makers are going to be more reliable, but I do not see that. I see an effective infection tool distributed anonymously and being funded anonymously. That is my rationale, the anonymity protects the infector and removes any reliability. I do not know where you learnt this. Scammers have proven over and over again they will milk their victims completely dry without any intention of delivering on their promises. My other rationale is that if you do pay them you will be on their list of people willing to pay and you are more likely to get targeted again. Scammers are not brand name entities that depend on trust & reputation to get repeat business.

Ransomware works by drive-by downloads and dodgy email links to a victim who is unprepared for a data loss; this is their business model - not reputation.

According to this article by ZDNet, around 60% of businesses get their data back after paying, which means more often than not. It probably also depends on how the ransomware was delivered: whether it was through a targeted attack or through a drive-by/web exploit.

https://linustechtips.com/topic/682402-ransomeware-cerber-virus/#findComment-8774898