Malware Ransom Ware

Emmvee (joined May 17, 2009)
Hi Guys

I have a client's PC that has been infected with ransomware, specifically Cerber.
I have removed the virus itself but the files are obviously still encrypted. I have looked at the major antivirus companies' websites and there seems to be very little on a decrypt solution for this extension, .Cerber.

Any help would be appreciated.
 
  • If he's a client, I would expect there's a backup available; otherwise try the below.
  • File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Because of this you may try to use file recovery software to recover some of your original files.
  • Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the drive you want to recover. Right-click on any file you want to restore and click Export on it.
 
I'm new here but I am in IT. We ran into this. lol. Sucktastic deal.
Shadow Explorer is the program that you want.
I don't have the privilege to upload yet, so this is the external link.
What this does is look for prior deleted restore points and allow you to extract a working image for anything, as long as shadow copy was not turned off.
http://www.shadowexplorer.com/uploads/ShadowExplorer-0.9-portable.zip
 
Just a side note on this, should anybody experience this themselves...

Shadow Copies are only any good if small changes have been made; in the event of ransomware, it is likely that the damage caused is too great for Shadow Copies to fix (I have seen this on a few occasions with files on a server becoming infected).

Recovering the files without a backup is impossible. My best advice is either a backup solution that regularly encrypts and backs up your files in a proprietary format (ransomware normally only targets specific file types); these backups are only recoverable using the backup software. The other option is to take regular backups to an external drive and disconnect the drive when you have finished, isolating the data you want to keep from a PC that could become infected.
 
This kind of malware is particularly odd and it is pretty difficult to limit the damage and restore data.

The shadow copies might be useful, but surely not a guaranteed solution.

Paying the ransom might work, as well as it might result in a further loss...

Knowing that this exploit is quite common today and knowing that this malware is so annoying, the best thing to do is to prevent the malware.

An automated backup procedure is really important and necessary; email handling should be done very carefully according to strict security procedures. For those who receive tons of emails, it would be wise to avoid doing it on an OS that can be affected by these malware pieces (e.g. Linux or others....)
 
Hi,

I have come across many ransomware-infected systems.... they are exactly just scripts/code and only run once...

Once the script/code is executed it encrypts whatever it can, to the extent that, except EXE & DLL & some system files (to keep your system running so that you can PAY), all other files... whether documents, video, music, pictures, graphics, 3D design, TXT, compressed, PST, databases, etc.. etc... all are encrypted.... even if you have any mapped drives or have attached USB drives at that particular time when the script/code was executed... it is not memory resident and doesn't run again and again as traditional viruses/malware do.

If you create a new document, it won't be encrypted... as the damage is already done..

Depending upon the ransomware, it will kill your antivirus, and shadow copies too...

Unfortunately, there is no single solution to stop it... and no single cure/remedy to decrypt the files, as these ransomware keep on evolving and updating to bypass any security controls/measures implemented...

Therefore ALWAYS BACK UP your IMPORTANT/CRITICAL DATA

But maybe if you are infected with .CERBER V1 you can use the following decryptor and try your luck

INFO: Using the Trend Micro Ransomware File Decryptor Tool

Download Link: http://solutionfile.trendmicro.com/SolutionFile/EN-1114221/RansomwareFileDecryptor 1.0.1655 MUI.zip

Thanks,
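Before deciding between a decryptor, shadow copies or a restore from backup, it helps to know how much of the machine was actually hit. The script below is an added example, not code from any poster in this thread: it walks a directory tree, tallies files carrying the `.cerber` extension named above per folder, skips the EXE/DLL files the post says are left alone, and flags any other file whose content looks like ciphertext (near 8 bits/byte of entropy). The sample tree it builds is constructed in a temp directory, so it runs offline.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

RANSOM_EXT = ".cerber"            # extension named in this thread
SKIPPED_EXTS = {".exe", ".dll"}   # binaries the post says are left untouched


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; ciphertext sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(root, ransom_ext=RANSOM_EXT, threshold=7.5):
    """Inventory a tree: count renamed files per folder and flag other
    files whose content looks encrypted. High-entropy hits still need a
    manual look, since archives and JPEGs also score near 8.0."""
    report = {"encrypted": 0, "bytes": 0, "by_dir": Counter(), "suspect": []}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        ext = path.suffix.lower()
        if ext == ransom_ext:
            report["encrypted"] += 1
            report["bytes"] += path.stat().st_size
            report["by_dir"][path.parent.name] += 1
        elif ext not in SKIPPED_EXTS and entropy(path.read_bytes()[:4096]) >= threshold:
            report["suspect"].append(path.name)
    return report


def build_sample():
    """Constructed sample tree standing in for an infected user profile."""
    root = Path(tempfile.mkdtemp())
    files = {
        "docs/report.txt": b"quarterly figures\n" * 100,   # untouched plain text
        "docs/report.cerber": os.urandom(2048),            # encrypted document
        "music/song.cerber": os.urandom(2048),             # encrypted media
        "tools/app.exe": os.urandom(2048),                 # binary, skipped
        "docs/unknown.bin": os.urandom(2048),              # encrypted but not renamed
    }
    for rel, data in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(data)
    return root
```

Run `triage(build_sample())` to see the report; point `triage()` at a real profile or mapped share (read-only) to get the same counts for a case.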
 
It's been quite a rare experience for me to actually fully recover the data from ransomware.
I once got it all back from shadow copies, but that was because the virus was interrupted before it could delete them. Your best bet is just a data recovery program like R-Studio.
 