Check Point releases Cerber Ransomware Decrypter Tool

If your files are locked by Cerber Ransomware, you have a solution to unlock them without paying any ransom. Researchers from Check Point have released Cerber Ransomware Decrypter tool that decrypts files encrypted by the ransomware.

Cerber ransomware is a deadly malware that uses Ransomware-as-a-Service infrastructure. It infects users through phishing emails and in the process encrypts files using the RC4 and RSA encryption methods.

What makes Cerber a real threat is the fact that it doesn’t require much effort from attackers to spread. For a small payment, even not so skilled attackers can get hold of developers to obtain an undetected ransomware variant. Then, they can easily manage their active campaigns with a basic web interface.

A recent report by Check Point mentions,

“Cerber affiliates currently run 161 active campaigns, infecting nearly 150,000 victims, with a total estimated profit of $195,000 in July 2016 alone. Each campaign runs separately using a different distribution method and unique packer. The most notable campaign primarily targets users in China and South Korea (Republic of Korea) using the Magnitude Exploit Kit.”

Cerber Ransomware Decrypter Tool

Check Point has released Cerber Ransomware Decrypter tool for victims whose data is encrypted by Cerber 1 and 2. Users have to first download the decryption key from cerberdecrypt.com and then download the Cerber decryptor for further process.

Keeping both the decryption key and the decryptor in the same folder and then running the decryptor as an administrator produces the decrypt files.

Cerber Ransomware Decrypter Tool

Check Point recommends following troubleshooting steps for users running the Decrypter:

  1. Recommended browser while running the web page is Chrome
  2. To Run as administrator, Right click the decryptor file and choose run as administrator
  3. Ensure the file you upload has a “Cerber” or “cerber2” extension and
  4. Make sure the file containing the decrypted key is named “pk” with no extension. In case it has a .txt extension, delete the extension.

UPDATE: The Cerber Ransomware Decryption Tool has been rendered ineffective.

Also, check out this list of free Ransomware Decryptor Tools.

Posted by with Tags

Ankit Gupta is a writer by profession and has more than 7 years of global writing experience on technology and other areas. He follows technological developments and likes to write about Windows & IT security. He has a deep liking for wild life and has written a book on Top Tiger Parks of India.