How to Decrypt *.cerber3 files?

My mom told me to recover her files because every file was renamed as ********.cerber3. She told me that she got a screen with a gray backround with some text saying "CERBER_ENCRYPTION" on top. So i searched the web on how to decrypt them. But I can't find a solution to decrypt them. She even told me that if i recovered her files i will have money so please tell me how to recover it :D

Any files that are encrypted with Cerber Ransomware will be renamed with 10 random characters plus the .cerber (i.e. 2C1OlcaXdF.cerber, Ku7dYlcvkj.cerber) or .cerber2 extension (see here) appended to the end of the encrypted data filename and leave files (ransom notes) named DECRYPT MY FILES#.vbs, DECRYPT MY FILES#.txt, DECRYPT MY FILES#.html.

The newest variant of Cerber Ransomware will have a .cerber3 extension appended to the end of the encrypted data filename and leave files (ransom notes) named # HELP DECRYPT #.txt, # HELP DECRYPT #.html, and # HELP DECRYPT #.url.

Trend Micro released a Ransomware File Decryptor for victims of earlier Cerber infections but it has limitations...must be used on the infected machine, may take several hours to complete decryption, some files may be only partially decrypted. However, victims of Cerber Ransomware have reported the decryption tool does not work on cerber3 encrypted files.

In cases where a decryption tool does not work and you do not plan on paying the ransom, the only other alternative is to backup/save your data as is and wait for a possible breakthrough...meaning, what seems like an impossibility at the moment (decryption of your data), there is always hope someday there may be a potential solution so save the encrypted data and wait until that time. Imaging the drive backs up everything related to the infection including encrypted files, ransom notes and registry entries containing possible information which may be needed if a solution is ever discovered.

There is an ongoing discussion in this topic where you can ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.

Windows Insider MVP 2017-2020
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Unified Network of Instructors and Trusted Eliminators (Malware Removal Expert)

65 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Reply In reply to deleted message

Not at this time. As I noted in my previous post, victims of Cerber Ransomware already have reported the decryption tool does not work on cerber3 encrypted files.

And as I also noted, in cases where a decryption tool does not work and you do not plan on paying the ransom, the only other alternative is to backup/save your data as is and wait for a possible breakthrough...meaning, what seems like an impossibility at the moment (decryption of your data), there is always hope someday there may be a potential solution so save the encrypted data and wait until that time.

I have seen cases with other ransomware infections, where a solution was found almost a year later so there is always hope.

Windows Insider MVP 2017-2020
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Unified Network of Instructors and Trusted Eliminators (Malware Removal Expert)

1 person was helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

please find a solution to decrypt the files infected by .cerber3.

i have lot of important data.

please let me know where does ransomware like these originate and get into computers ?

3 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

AFAIK it's still not possible to decrypt your files for free...

In addition to what has been mentioned in the prior posts, you might want to read this: https://www.bleepingcomputer.com/news/security/cerber-ransomware-switches-to-cerber3-extension-for-encrypted-files/

And I strongly suggest to read/do:


May 4, 2018: I won't participate anymore in MC. Enough is enough.

7 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

...please let me know where does ransomware like these originate and get into computers ?

Section 2 in How Malware Spreads - How your system gets infected explains the most common methods Crypto malware (file encrypting ransomware) and other forms of ransomware is typically delivered and spread.

Windows Insider MVP 2017-2020
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Unified Network of Instructors and Trusted Eliminators (Malware Removal Expert)

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

IF YOU ARE READING THIS!

Continue reading from here upto the end of this reply :D

Never pay for the ransom because:

1. You're not sure that your files will be decrypted after paying the ransom.

2 - ?. This might be a little a little long:

When you pay for the ransom. The hackers will get motivated in infecting more computers thus earning more money. As a victim of Ransomware (not me. As my mom*) NEVER EVER pay for the ransom. When they hack a computer. They will wait for the victim to pay for the ransom. But when you DON'T pay. They will hack another computer. If the next victim didn't pay for it . They will find another victim and again and again until they give up. I contacted Microsoft about this Ransomware and (For me) I think that they are finding a way to decrypt it. In case It might take a lot of time for Microsoft. Save your Hard Drive (keep it in a safe place) and wait until they find a way. I hope that every victim is reading this.

2 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

 
 

Question Info


Last updated August 3, 2020 Views 24,433 Applies to: