CERBER Ransomware

 

Systems Affected


Windows

Threat Level


High


Overview


The malware forces a restart of the victim's PC, encrypts the user's files, and drops ransom notes named DECRYPT MY FILES.


Description


CERBER is a well-written piece of ransomware, built with considerable attention to detail. Once executed, the original file deletes itself and runs a copy of itself, renamed to [random word].exe, from a hidden folder it creates in %APPDATA%. Examples of file names used by CERBER include csrstub.exe, dinotify.exe, ndadmin.exe, setx.exe, rasdial.exe, RelPost.exe and ntkrnlpa.exe. The creation timestamps of these files are altered. The malware also creates a shortcut to the copy in %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup so that it runs again at logon. In Process Explorer the copy can be seen spawning a further process, which is used to divide the work of encrypting the files. The malware also modifies the Windows registry. CERBER can encrypt files while the PC is offline; it does not need to fetch a key from its command-and-control (CnC) servers. Encrypted files have their names completely changed and receive the extension typical of this ransomware: .cerber. After the files have been encrypted, the ransom message is displayed in two forms, HTML and TXT. The message is available only in English.


Impact



Solution/ Workarounds


1. Update Flash Player to the latest version.
2. Back up your data.

Manual removal
Boot the PC in Safe Mode to isolate and remove Cerber files and objects.
Find the malicious files created by Cerber on the PC.
Fix the registry entries created by Cerber on the PC.

Automatic removal
Back up your data to protect it against future infection and encryption by Cerber.
Restore files encrypted by Cerber from backups.
Optional: use alternative anti-malware tools.
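The following triage script is an added example, not part of the original advisory or of any vendor removal tool. It turns the behaviour described above (a renamed copy in a hidden %APPDATA% folder, a Startup shortcut pointing at it, registry changes, and the .cerber extension) into the checks a responder would run from Safe Mode during the manual removal steps. The list of file names comes from the Description; the Run-key check is a generic heuristic added here, since the advisory does not name the specific registry keys Cerber modifies. The script is read-only unless -Quarantine is given, and even then it moves executables rather than deleting them so they remain available for analysis.

```powershell
# Added CERBER triage script (example code, not the advisory's own procedure).
# Run from an elevated PowerShell prompt in Safe Mode. Read-only by default;
# -Quarantine moves suspicious executables to $QuarantineDir instead of deleting them.
[CmdletBinding()]
param(
    [switch]$Quarantine,
    [string]$QuarantineDir = (Join-Path $env:SystemDrive 'cerber_quarantine')
)

# File names the advisory lists for the renamed dropper copy.
$KnownNames = @('csrstub.exe', 'dinotify.exe', 'ndadmin.exe', 'setx.exe',
                'rasdial.exe', 'RelPost.exe', 'ntkrnlpa.exe')
$AppData  = $env:APPDATA
$Startup  = Join-Path $AppData 'Microsoft\Windows\Start Menu\Programs\Startup'
$Findings = @()

# 1. Executables inside hidden folders directly under %APPDATA%
#    (the advisory: a hidden folder created in %APPDATA%, copy renamed [random word].exe).
Get-ChildItem -Path $AppData -Directory -Hidden -ErrorAction SilentlyContinue | ForEach-Object {
    Get-ChildItem -Path $_.FullName -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue | ForEach-Object {
        $reason = if ($KnownNames -contains $_.Name) { 'known CERBER file name' }
                  else { 'executable in hidden %APPDATA% folder' }
        $Findings += [pscustomobject]@{ Type = 'Dropper'; Path = $_.FullName; Detail = $reason }
    }
}

# 2. Startup-folder shortcuts whose target lives under %APPDATA% (the persistence link).
$shell = New-Object -ComObject WScript.Shell
Get-ChildItem -Path $Startup -Filter '*.lnk' -File -Force -ErrorAction SilentlyContinue | ForEach-Object {
    $target = $shell.CreateShortcut($_.FullName).TargetPath
    if ($target -and $target.StartsWith($AppData, [StringComparison]::OrdinalIgnoreCase)) {
        $Findings += [pscustomobject]@{ Type = 'Startup shortcut'; Path = $_.FullName; Detail = "-> $target" }
    }
}

# 3. Run-key values pointing into %APPDATA%. Heuristic assumption: the advisory only says
#    the registry is modified and names no key, so this flags any autorun from the profile.
foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the registry provider's own metadata
        if ("$($p.Value)" -match [regex]::Escape($AppData)) {
            $Findings += [pscustomobject]@{ Type = 'Run key'; Path = "$key\$($p.Name)"; Detail = $p.Value }
        }
    }
}

# 4. Scope of the damage: count files carrying the .cerber extension under the profile.
$encrypted = @(Get-ChildItem -Path $env:USERPROFILE -Filter '*.cerber' -File -Recurse -Force -ErrorAction SilentlyContinue)
$Findings += [pscustomobject]@{ Type = 'Encrypted files'; Path = $env:USERPROFILE; Detail = "$($encrypted.Count) *.cerber files" }

$Findings | Format-Table -AutoSize

# Optional containment: move (never delete) the suspected dropper copies so they can be analysed.
if ($Quarantine) {
    New-Item -ItemType Directory -Path $QuarantineDir -Force | Out-Null
    $Findings | Where-Object { $_.Type -eq 'Dropper' } | ForEach-Object {
        Move-Item -Path $_.Path -Destination $QuarantineDir -Force
        Write-Host "Quarantined $($_.Path)"
    }
}
```

Usage: `.\cerber-triage.ps1` to report only, `.\cerber-triage.ps1 -Quarantine` to also move flagged executables aside. Review the Startup-shortcut and Run-key findings by hand before removing them, because legitimate software also autoruns from the profile. The script identifies and contains the dropper; it does not decrypt anything, so the .cerber count is there to size the restore-from-backup job, not to fix it.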


References


Indonesia Computer Emergency Response Team
http://www.cert.or.id/index-berita/id/berita/66/

SensorsTechForum
http://sensorstechforum.com/remove-cerber-ransomware-and-restore-cerber-encrypted-files/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.



© Copyright Sri Lanka CERT|CC. All Rights Reserved.