What is Cerber 5 virus

Cerber is the ransomware, which has terrorized the entire Internet for almost a year. This program was launched in early 2016 and since then tens of thousands of users around the world became its victims and have had to pay a ransom for their own data. The activities of the program has brought its creators, hundreds of thousands of dollars, and caused to its victims damage, worth millions of dollars. The best specialists of the world are trying to crack the virus to allow victims to recover files, but so far their efforts have been unsuccessful. Virus developers are constantly releasing new versions and thereby interfere with the virus fighters advance in research. As with previous versions, Cerber 5 has almost no differences from the previous version, and was released only in order to prevent investigations.

Cerber operating principle remains the same: the virus enters the user's computer and encrypts all the files, which may contain important information. Basically - the files with extensions .doc, .docx, .xlsx, and .pdf. The program scans the hard drive of the infected computer, finds these files and encrypts them in the first place. After this encryption is also subject to all other files. When encryption is completed the user receives a message with the requirements of ransom that explains what happened to the files, how he can restore them and how much it will cost. Cerber virus in particular and ransomware in general are considered to be so dangerous because their actions are irreversible. When a normal virus is removed from the computer, then all its consequences tend to disappear. However, in the case of ransomware, if user received a ransom note - it means that the files are already encrypted, and nothing can be done to them. The only option is to pay 1.24 BTC (or 2.48 BTC if you won't pay in 5 days after the encryption) for the decryption.


Cerber 5 ransomware virus


How Cerber5 gets on user's PC

The new version of Cerber has only one significant difference from the previous - the penetration method. Cerber 5 is actively spreading via RIG-V exploit kit, and also enjoys the usual way to spread via email. As practice shows, the infection via e-mail is the most effective and safe for the attackers. Most e-mail services do not require any information from user, and hackers can create an infinite number of mailboxes and send spam through them. Of course, the boxes will soon be banned because of the complaints of users, but the fraudster will go unpunished. Letters may be of different nature, but their main peculiarity is that they all contain attachments and assume that the user has to open the attachment. The letter stated that the attachment is a document to be printed to obtain discounts or prizes. Just one click on the attachment launches a script that downloads Cerber and installs it on the user's computer. After that, Cerber sets the in the delayed task to start after restarting the computer, and when the user turns on or restarts his PC next time - Cerber attacks.

How Cerber 5 works

There is one assertion that is true in relation to all the computer viruses: it is much easier to keep them away from your computer than to correct the consequences of infection. In the case of Cerber, if the user has given the virus a chance to penetrate the computer unnoticed - the damage is bound to be inflicted. After penetration there is only one possibility to stop the virus - to notice that the encryption process is started. At such moments, the computer starts to run a little slower because some of its capacities are aimed at file encryption. If you catch it and you can see the suspicious process in Task Manager - you can turn off your computer, run it in safe mode and remove the virus. If the encryption pass unnoticed - the files can be considered lost. The virus uses the AES encryption algorithm, which is virtually impossible to crack without the secret key. So far, the frequent updates helped Cerber, but sooner or later the unification of efforts of independent malware fighters and experts from well-known manufacturers of antiviruses will be finally successful, and all the victims of the virus will be able to recover lost files. Until then you should keep the encrypted files somewhere, and wait for the release of decryption tool.

How to remove Cerber 5 Virus

Each victim of ransomware has a choice: he can proceed in three ways. The victim may accept the loss of the files, try to recover them on his ownor with someone else's help, or pay the ransom. In any case, you will have to remove the virus from your computer as if the virus will remain in the system - it will continue to encrypt all new files that get into the system, as well as files on all media, which will be connected to the computer. To avoid this, you can simply use our instructions to remove the ransomware.

How to restore files encrypted by Cerber 5

Unfortunately, there is no way to recover files encrypted with the latest versions of Cerber, except the payment of the virus. Of course, we cannot command you, but we, like all other professionals, strongly suggest you not to pay the ransom, because this will help hackers to continue their criminal activities. The best solution is to remove the virus and save encrypted files as long as the program for decoding will be released. In addition, we have created an article that describes all the possible ways of data recovery, and provides links to sites that are likely to publish news about deciphering Cerber. The article is called "How to restore files after virus encryption".

Recently we saw few messages that state that some anti-virus vendors know how to decipher .cerber files. Alas, this is not entirely true. If you’re a happy owner of premium-class antivirus suite – you should contact the tech-support of your AV software and ask them to solve this problem. In some cases they might just pay the ransom for you.

We hope that this article helped you to figure out what’s going on with your PC and how to manage this. If you have something to say about Cerber, or you encountered some difficulties during the removal process – just leave comments under this article to receive help.




Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 5.00 [1 Vote]

Add comment

Security code



Acronis suggestion to CrashPlans users

Around a month ago, there was an accident with CrashPlans backup software.

What is MicTrayDebugger and is it dangerous

This is a brief entry about MicTrayDebugger: what is it, how it appeared in the system, is it dangerous and how to get rid of it.

What is HoeflerText and is it dangerous?


This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.


Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

This website uses cookies to improve your experience