Comments on: Stay one step ahead of ransomware – Emsisoft’s Decrypter page https://www.emsisoft.com/en/blog/22406/stay-one-step-ahead-of-ransomware-emsisofts-decrypter-page/ Straight-talking security advice from the Malware Experts Fri, 18 Nov 2022 12:20:16 +0000

By: David Biggar https://www.emsisoft.com/en/blog/22406/stay-one-step-ahead-of-ransomware-emsisofts-decrypter-page/#comment-769340 Tue, 04 Oct 2016 18:38:00 +0000 http://blog.emsisoft.com/?p=22406#comment-769340 In reply to vijay.

Currently no, there is no way to decrypt Cerber 3 encrypted files without paying the ransom, which of course is not recommended.

By: vijay https://www.emsisoft.com/en/blog/22406/stay-one-step-ahead-of-ransomware-emsisofts-decrypter-page/#comment-768150 Mon, 03 Oct 2016 15:26:00 +0000 http://blog.emsisoft.com/?p=22406#comment-768150 In reply to David Biggar.

Is it possible to decrypt the files encrypted by Cerber3 ransomware?

By: David Biggar https://www.emsisoft.com/en/blog/22406/stay-one-step-ahead-of-ransomware-emsisofts-decrypter-page/#comment-714340 Sun, 14 Aug 2016 01:10:00 +0000 http://blog.emsisoft.com/?p=22406#comment-714340 In reply to Chris.

If I’m correct about the ransomware you have, it is Cerber, and this ransomware is currently not decryptable. You may learn more by reading here:

http://www.bleepingcomputer.com/news/security/the-cerber-ransomware-not-only-encrypts-your-data-but-also-speaks-to-you/

If you’d like, you may send an email to support@emsisoft.com and we’ll go through verifying the ransomware variant with you.

By: Chris https://www.emsisoft.com/en/blog/22406/stay-one-step-ahead-of-ransomware-emsisofts-decrypter-page/#comment-709924 Tue, 09 Aug 2016 09:41:00 +0000 http://blog.emsisoft.com/?p=22406#comment-709924

Hi all. My PC got attacked by ransomware called Cerberus. I managed to remove the malware, but all files are still encrypted. See sample. How do I decrypt the files?
#DECRYPT MY FILES#

By: cat1092 https://www.emsisoft.com/en/blog/22406/stay-one-step-ahead-of-ransomware-emsisofts-decrypter-page/#comment-624859 Sat, 28 May 2016 11:47:00 +0000 http://blog.emsisoft.com/?p=22406#comment-624859

This is also why, including keeping active protection with either Emsisoft Anti-Malware or Internet Security, one needs to back up offline, every night if a business, at least weekly if a Home user, then the backup drive(s) detached from computer(s). Keeping as many backups as possible is key, because some may linger a month before pulling the fatal trigger.

Backups have to be a central point of any computer security plan; by having these, one can avoid ransom payment by restoring the drive(s) from the most recent. That is, after a secure erase of the drive, if SSD, or a more potent tool such as Darik’s Boot & Nuke on HDDs, booting from the CD & typing ‘autonuke’ at the prompt. This may take overnight to run, depending on size of the drive.

Then to ensure on a HDD that no infection resides in the Bootloader, use a bootable partition tool to reset MBR to the OS being used, or closest to it.

Once the drive is clean, then it’s safe to restore the OS.

Cloning important drives daily & swapping can also help with businesses, and the same for Home users, though on a less frequent schedule. All data should go to another drive as created (preferably detachable external) & should be imaged more often than the OS drive or partition. Should also be detached as soon as any data is copied/saved.

I see this all the time on Bleeping Computer, way too many computer owners fall prey to this, w/out the first backup, nor have created recovery media sets to restore the OS, all too often, while at the same time depending on ‘free’ (some with PUPs built in) AV solutions. Security should not include popups for 3rd party offerings, while it’s OK to remind when it’s approaching renewal time with or w/out a promo, anything other is unacceptable.

It’s a wonder (yet thankfully) that we don’t see more of these attacks, those running unsupported OS’s are at the most risk. While AV/IS solutions can protect against a lot of attacks, these can’t, nor are designed to, patch the OS when needed. And when unsupported, it becomes riddled with bullet holes that no security can protect.

So it’s best to run supported Windows, use a quality security offering like Emsisoft provides, have an adequate backup protection plan for your needs in place (and don’t forget to unplug these when not used), keep important data off of the ‘C’ drive as created, and chances of paying ransom are much slimmer.

Sounds complicated? It’s not, anyone can do all of the above with little effort, and in the case of the hospital in the article, chances are, this happened because of lax employee Internet access. All it takes is the opening of one bad email, the heat is on. Employers should not permit those other than key employees needed for day to day operations to have outside Internet access for any reason. They can bring their smartphones or notebooks for checking their own emails, of course off of the company’s network. Maybe one that’s used for guest access where appropriate, otherwise have a strict network policy.

Cat

By: Donovan Moser https://www.emsisoft.com/en/blog/22406/stay-one-step-ahead-of-ransomware-emsisofts-decrypter-page/#comment-624484 Fri, 27 May 2016 18:21:00 +0000 http://blog.emsisoft.com/?p=22406#comment-624484

Question about the decryptor tool for 777 – if the file exists that the decrypt would be renamed to, does it overwrite or can it skip? I had to manually restore some files from backup to get the server back up and running enough to run the tool, but don’t want to overwrite files that exist if the tool encounters them.
