The Cerber ransomware is a ransomware-as-a-service (RaaS) that is distributed through hacker forums on the dark web. As a RaaS, this ransomware is licensed to cybercriminals in exchange for a 40% cut of all the ransom payments that they receive.
The RaaS model is an evolved form of cybercrime because it offloads most of the work required to find targets onto those who buy the malware. It allows for wider targeting and a potentially larger windfall for the malware creators.
How Does the Cerber Ransomware Work?
Cerber ransomware finds its way onto victims' computers through phishing campaigns, infected websites, and malvertising (malware disguised as online ads).
When you click on such ads, visit an infected site, or download a contaminated attachment, you inadvertently install the Cerber malware on your computer.
Once it is in, it silently creates a randomly named executable in the Local AppData or AppData folder. After this, the malware scans your computer for files and folders to encrypt, using a combination of RSA-2048 and 256-bit AES in CBC mode. Some of the file types that are encrypted by the malware include: .doc, .docx, .xls, .pdf, .jpg, .png, .pptx, .xlsm, and .xlsb. Every encrypted file has the extension .cerber appended to its name, so if your original document was myfile.docx, it becomes myfile.docx.cerber.
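The renaming pattern described above is the quickest thing a defender can check for during triage. The following script is an added example and is not code from the article or from any anti-malware product: it strips the .cerber suffix to recover each original file name, reports which original extensions were hit (the list of extensions comes from the article), and counts affected directories so you can see how far the encryption spread. The sample paths are constructed; point scan_directory() at a real folder to run it against a disk you are examining.

```python
"""
Triage helper (added example): find files carrying the '.cerber' suffix,
recover the original name and extension, and summarise the damage.
Read-only: it never modifies or deletes anything.
"""
from __future__ import annotations

import ntpath  # parses Windows-style paths correctly on any platform
import os
from collections import Counter
from dataclasses import dataclass

# Extensions the article lists as Cerber targets (used only for labelling).
TARGETED_EXTENSIONS = {
    ".doc", ".docx", ".xls", ".pdf", ".jpg", ".png", ".pptx", ".xlsm", ".xlsb",
}
RANSOM_SUFFIX = ".cerber"


@dataclass(frozen=True)
class EncryptedFile:
    path: str            # full path as found on disk
    original_name: str   # full path with the ransom suffix removed
    original_ext: str    # lower-case extension of the original file
    directory: str       # folder that contained the file


def strip_ransom_suffix(path: str) -> EncryptedFile | None:
    """Return an EncryptedFile if `path` ends in .cerber, otherwise None."""
    directory, name = ntpath.split(path)
    if not name.lower().endswith(RANSOM_SUFFIX):
        return None
    original = name[: -len(RANSOM_SUFFIX)]
    ext = ntpath.splitext(original)[1].lower()
    return EncryptedFile(
        path=path,
        original_name=ntpath.join(directory, original),
        original_ext=ext,
        directory=directory,
    )


def triage(paths):
    """Classify a list of paths.

    Returns (hits, ext_counts, dir_counts): the encrypted files found, a
    Counter of original extensions, and a Counter of affected directories.
    """
    hits = [e for e in (strip_ransom_suffix(p) for p in paths) if e is not None]
    ext_counts = Counter(e.original_ext for e in hits)
    dir_counts = Counter(e.directory for e in hits)
    return hits, ext_counts, dir_counts


def scan_directory(root: str):
    """Walk a real directory tree (read-only) and triage every file path."""
    paths = [os.path.join(d, f) for d, _, files in os.walk(root) for f in files]
    return triage(paths)


# Constructed sample listing for the demonstration (not real incident data).
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\myfile.docx.cerber",
    r"C:\Users\alice\Documents\budget.xlsx.cerber",
    r"C:\Users\alice\Pictures\holiday.jpg.cerber",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Desktop\report.pdf",
]

if __name__ == "__main__":
    hits, ext_counts, dir_counts = triage(SAMPLE_PATHS)
    for h in hits:
        label = "listed target" if h.original_ext in TARGETED_EXTENSIONS else "other"
        print(f"{h.path} -> {h.original_name} [{h.original_ext}: {label}]")
    print("by original extension:", dict(ext_counts))
    print("by directory:", dict(dir_counts))
```

Keep the recovered original names: they are what you will look for in backups or restore points once the machine is clean. Note that .xlsx is reported as "other" because it is not in the article's list, which only shows that the list is illustrative rather than complete.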
How to Recognize the Cerber Ransomware
Once the Cerber malware completes its encryption process, it displays a ransom note informing victims that their files are no longer accessible and telling them what they must do to get them back. Usually, the note advises the victims to download the Tor browser and to go to a particular website where they can pay the ransom. The longer a victim goes without paying, the larger the amount they will have to part with if they do choose to pay.
How to Remove the Cerber Malware
First off, you should never consider paying a ransom to cybercriminals, no matter how desperate you are to get your files back. Paying only proves to them that their business model of earning by harming others pays, and pays handsomely.
Secondly, you can never really be sure that your files will be decrypted after you pay. In other words, criminals cannot be trusted to keep their word. There is also no guarantee that they will not attack you again sometime in the future.
So, how do you remove the Cerber ransomware if paying a ransom is not an option for you? Luckily, cybersecurity researchers have been aware of the Cerber malware for some time, and this has given anti-malware solutions a lot of experience in dealing with it.
This is to say that all you need to remove the Cerber ransomware is a reliable anti-malware tool such as Outbyte Antivirus. You also need to run a Windows recovery option after you are done getting rid of the malware, as there may be remnants of it hiding in some hard-to-find location on your PC.
For the antivirus to be effective, run your Windows computer in Safe Mode with Networking.
Here is how to get to Safe Mode with Networking from a blank screen:
- Hold the power button for 10 seconds to shut down your computer.
- Press the power button again to turn it on.
- On the first sign that your device has powered up, shut it down again by holding the power button.
- Turn it off and on repeatedly until you enter the Windows Recovery Environment (WinRE).
- Now that you are in WinRE, on the Choose an option screen, select Troubleshoot > Advanced options > Startup Settings > Restart.
- After your device restarts, press F5 or 5 to boot into Safe Mode with Networking.
Safe Mode with Networking lets you access network resources, which you can then use to download utility tools such as the anti-malware discussed above, as well as a PC repair tool.
Speaking of a PC repair tool, it is best to have one around, as it makes it easier to remove problematic apps, clean registry entries, and delete junk files. A clean computer is much harder to infect because malware will find fewer hiding places.
After you clear your computer of any viruses, you still need to use a Windows recovery option, such as System Restore, to make sure that the virus is gone for good.
System Restore will return your computer to an earlier functioning state as long as you have a restore point stored on your computer. To get to System Restore from a blank screen, follow the steps outlined above (Safe Mode with Networking), but instead of going to Startup Settings, select System Restore. From here, choose a restore point that will undo any changes to your computer after the malware infestation.
Refresh Your PC
The Windows refresh option lets you restore the performance of your computer without affecting your personal files and folders or changing your settings. The steps are as follows:
- Go to Settings > Change PC settings.
- Click Update and recovery.
- Under Refresh your PC without affecting your files, click Get started.
- Follow the on-screen instructions to complete the process.
Note that none of these Windows recovery processes will help you recover your lost files. They are only effective at removing the Cerber ransomware and its dependencies.
How to Stop the Cerber Ransomware from Infecting Your Computer
Cerber ransomware mainly spreads through phishing campaigns, so if you are careful about which email attachments you choose to download, you will have far less to worry about.
At the same time, you need to be careful about the sites that you visit. If your browser warns you that a website is not secure, it is probably a good thing to heed the warning and stay as far away from it as possible.
Finally, keep a backup of your most important files, so that even if malware does strike, it will have far less leverage over your decisions.