Sign in to follow this  
ricrad

Cerber ransomware & Files decryption

Recommended Posts

Hello. Hope you are fine.

I was victim of a ransomware called cerber
At one point I noticed the slowing down of my machine. Then I restarted it, thus interrupting the process. Always it is that it has succeeded to encrypt a good part of my data in form [random alphanum].b01e.
My question: Is there a way to reverse the process? Decrypt my data. If not, is there a way to bruteforce the encryption ? I know it can take a while but it's important.

Share this post


Link to post
Share on other sites

Per bleepingcomputer.com:

Unfortunately, there is still no known way to decrypt files encrypted by Cerber v2/v3 or the newer 10 random characters with a random 4 character (i.e. .b71c) extension without paying the ransom.

Some ransomware victims have reported they paid the ransom and were successful in decrypting their data. Other victims reported they paid the ransom but the cyber-criminals did not provide a decryptor or a key to decrypt the files, while others reported the key and decryption software they received did not work or resulted in errors. Still others have reported paying the ransom only to discover the criminals wanted more money. Most cyber-criminals provide instructions in the ransom note that allow their victims to submit one or two limited size files for free decryption as proof they can decrypt the files. However, decryption in bulk may not always work properly or work at all. Keep all this in mind if you are considering paying the ransom since there is no guarantee decryption will be successful

 

 

Share this post


Link to post
Share on other sites

OK. But is there a way to find the encryption method ?

I've notice that some of my mp3 of videos files can still be played with vlc with a few errors.

A friend told me that if the files was really encrypted, I could'nt play them with vlc. 

Is it possible that the virus has only mixed the contents of the files by following a certain algorithm?
So if someone can compare with a normal or hexadecimal text editor an encrypted version of a file and its unencrypted version and can determine a way to restore them?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.