Cerber Ransomware

Cerber Ransomware Description

The Cerber Ransomware is a file encryptor that takes your data hostage for the sake of selling it back in return for Bitcoin currency. Paying is an unreliable means of saving your files and is discouraged as a solution when, instead, a sufficiently sound backup strategy can make the Cerber Ransomware's attacks relatively ineffectual. Due to the danger that the Cerber Ransomware poses to your system, data, and Web browser, malware analysts rate the Cerber Ransomware as a significant threat that should be uninstalled by dedicated anti-malware tools.

Making Deals with Con Artists for What's Yours

The Cerber Ransomware is a Trojan that uses file encryption (a data rearranging process often utilized in programs like file compressors) as a method of taking work and information hostage. Although the Cerber Ransomware's attacks are very similar to past threats like the Buddy Ransomware or the HydraCrypt Ransomware, this threat does exemplify the continued reliance fraudsters have on specific ransom techniques and technology. Like most threats, the Cerber Ransomware is installed through non-consensual methods, including e-mail attachments, Web page-based exploits or even other Trojans, such as Zlob.

The Cerber Ransomware scans for non-OS files on any accessible hard drives and puts them through an encryption routine, with the key for decrypting them being specific to each infection. Besides attacking media formats like DOC, MP4, AVI, or HTML, the Cerber Ransomware also targets work-oriented ones, such as SQL databases, Excel spreadsheets and PowerPoint presentations. The Cerber Ransomware also inserts the '.cerber' file extension after each encrypted file name, and then places no less than three formats of ransom instructions in the same directory.

The Cerber Ransomware emphasizes time restrictions as an additional factor in forcing its victims to pay its ransom, and even includes a countdown timer in one of its ransom messages. While malware experts saw no cases of the Cerber Ransomware attacks deleting the encrypted files, the Cerber Ransomware does claim that its ransom cost will increase after a set amount of time. Like many file encryptors previous to it, the Cerber Ransomware hinges on demanding the victim's use of both TOR (an anonymous Web browsing application) and Bitcoin transactions for selling the decryption to you.

The Cheapest Cost of Getting Your Files Back

While threatening file encryptors often circumvent any local backups, such as Windows restore points, all PC users have other methods of saving their files from threats like the Cerber Ransomware. Con artists are under no compulsion to follow through on providing any decryption services or applications after taking payments, and, in at least some cases, a threat can even be coded in such a way as to render conventional decryption impossible. Considering all of these factors, malware analysts always suggest that you use multiple, remote backups as an easy and efficient way of stopping the Cerber Ransomware from causing long-term damage to your information.

Even without any risks to your data, the Cerber Ransomware always should be removed from your PC, and assumed to be a security breach equivalent to that presented by other, invasive Trojans. Common side effects unrelated to ransom tactics reported in conjunction with the Cerber Ransomware attacks include browser hijackings and disabled Web downloads, particularly in association with attempts to install new security programs. Accordingly, your pre-installed anti-malware products are the easiest solutions for deleting the Cerber Ransomware. Rebooting your PC with the additional protection of Safe Mode, or booting from a safe USB drive, are two tactics that can help you regain access to any blocked security tools.

However, for the time being, the Cerber Ransomware's con artists will continue profiting off of less cautious PC owners who don't protect their data from easily-implemented attacks.


Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:


Registry Modifications


The following newly produced Registry Values are:

File name without path:
- # DECRYPT MY FILES #.html
- # DECRYPT MY FILES #.url
- # DECRYPT MY FILES #.vbs
- _README_.hta

Regexp file mask:
- %APPDATA%\# DECRYPT MY FILES #.vbs
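A triage sketch for the artifacts this page describes, added here as an example and not code from the original page: it walks a directory tree and groups, per directory, files carrying the '.cerber' extension and the ransom-note file names listed above. The sample tree is constructed, and treating `_README_*.hta` as a glob that also covers ID-suffixed note names is an assumption.

```python
import fnmatch
import os
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".cerber"          # extension the description says is appended
NOTE_PATTERNS = [                  # ransom-note names listed on this page
    "# DECRYPT MY FILES #.html",
    "# DECRYPT MY FILES #.url",
    "# DECRYPT MY FILES #.vbs",
    "_README_*.hta",               # assumption: glob also matches ID-suffixed names
]

def is_note(name):
    """Case-insensitive match of a file name against the note patterns."""
    return any(fnmatch.fnmatchcase(name.lower(), p.lower()) for p in NOTE_PATTERNS)

def triage(root):
    """Return {directory: {"encrypted": [...], "notes": [...]}} for affected dirs."""
    hits = defaultdict(lambda: {"encrypted": [], "notes": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ENCRYPTED_EXT):
                hits[dirpath]["encrypted"].append(name)
            elif is_note(name):
                hits[dirpath]["notes"].append(name)
    return dict(hits)

def classify(entry):
    """Strongest signal: encrypted files and a ransom note in the same directory."""
    if entry["encrypted"] and entry["notes"]:
        return "encrypted+note"
    return "encrypted-only" if entry["encrypted"] else "note-only"

def build_sample(root):
    """Constructed sample tree of empty files so the example runs offline."""
    layout = {
        "docs": ["report.doc.cerber", "# DECRYPT MY FILES #.html",
                 "# DECRYPT MY FILES #.vbs"],
        "media": ["clip.mp4.cerber"],
        "clean": ["notes.txt", "README.md"],
        "roaming": ["_README_.hta"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for n in names:
            open(os.path.join(root, sub, n), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for d, entry in sorted(triage(tmp).items()):
            print(classify(entry), os.path.relpath(d, tmp), entry)
```

Run it against a mounted backup or a disk image rather than the live system when possible, so the listing reflects the state at the time of the incident.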


Posted: March 4, 2016
Threat Metric
Threat Level: 10/10
Infected PCs 164,444