Check Point releases Cerber Ransomware Decrypter Tool

If your files are locked by Cerber Ransomware, you have a solution to unlock them without paying any ransom. Researchers from Check Point have released Cerber Ransomware Decrypter tool that decrypts files encrypted by the ransomware.

Cerber ransomware is a deadly malware that uses Ransomware-as-a-Service infrastructure. It infects users through phishing emails and in the process encrypts files using the RC4 and RSA encryption methods.

What makes Cerber a real threat is the fact that it doesn’t require much effort from attackers to spread. For a small payment, even not so skilled attackers can get hold of developers to obtain an undetected ransomware variant. Then, they can easily manage their active campaigns with a basic web interface.

A recent report by Check Point mentions,

“Cerber affiliates currently run 161 active campaigns, infecting nearly 150,000 victims, with a total estimated profit of $195,000 in July 2016 alone. Each campaign runs separately using a different distribution method and unique packer. The most notable campaign primarily targets users in China and South Korea (Republic of Korea) using the Magnitude Exploit Kit.”

Cerber Ransomware Decrypter Tool

Check Point has released Cerber Ransomware Decrypter tool for victims whose data is encrypted by Cerber 1 and 2. Users have to first download the decryption key from and then download the Cerber decryptor for further process.

Keeping both the decryption key and the decryptor in the same folder and then running the decryptor as an administrator produces the decrypt files.

Cerber Ransomware Decrypter Tool

Check Point recommends following troubleshooting steps for users running the Decrypter:

  1. Recommended browser while running the web page is Chrome
  2. To Run as administrator, Right click the decryptor file and choose run as administrator
  3. Ensure the file you upload has a “Cerber” or “cerber2” extension and
  4. Make sure the file containing the decrypted key is named “pk” with no extension. In case it has a .txt extension, delete the extension.

UPDATE: The Cerber Ransomware Decryption Tool has been rendered ineffective.

Also, check out this list of free Ransomware Decryptor Tools.

Posted by with Tags
Ankit Gupta is an Engineering graduate & an MBA post graduate. He brings with himself 3 years plus global writing experience on technology, travel & finance. He follows technological developments, especially on gadgets. Apart from having an interest in following Microsoft, he also has a deep liking for wild life, & travels to various wildlife conservatories, to be with nature.