Cerber 5 virus Removal Guide
Description of Cerber 5 ransomware
Hackers don’t stop: Cerber 5 ransomware virus is already here
The developers of Cerber have already started a Cerber 5 virus distribution campaign, and this fifth attempt to create a hazardous malware has already been updated. However, Cerber 5.0.1 ransomware is almost identical. Both versions of the malware are distributed via the RIG-V exploit kit and, after infiltration, start encrypting files using RSA and AES ciphers. The only significant feature is that Cerber 5 ransomware does not encrypt files that are smaller than 2,560 bytes. During data encryption, the malware distorts documents, pictures, audio and video files, and appends a unique 4-digit file extension. From then on, users cannot open or use their personal files. Understanding that you might lose all your memories captured in photos, or important work or study documents, is frightening. If you are afraid of catching ransomware, you should not only take some precautions but make data backups as well. We recommend backing up your files regularly and storing them on external devices. If malware somehow manages to get inside the computer, you can concentrate on Cerber 5 removal and later recover your files for free. Keep in mind that you can use backups only once your computer has been cleaned. Otherwise, the ransomware might infect your data storage device as well, and then you are in serious trouble.
After data encryption, Cerber 5 ransomware leaves the same ransom note as previous versions. In the ‘README.hta’ file, the hackers inform victims that their computers have been infected with Cerber and suggest visiting a ‘personal website’. This site includes instructions on how to pay the ransom and purchase the ability to decrypt files using Cerber Decryptor. The size of the ransom varies depending on the size and the importance of the encoded data. However, we do not recommend paying the ransom because you might experience an even bigger loss. Ransomware viruses are created to swindle money out of computer users illegally. So, when the attackers receive your money, they might forget their promise to show mercy and let you use the decryption tool. Or they might include malware in the decrypted files and arrange another attack soon. If you paid once, maybe you will pay twice? Instead of motivating hackers by transferring a few bitcoins, remove Cerber 5 from the computer. We won’t lie; it’s not an easy task; however, ReimageIntego will help you a lot. At the end of the article, you will find detailed and illustrated instructions that will be useful in Cerber’s elimination.
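A read-only triage script for the traits described above (the ‘README.hta’ note, the appended extension, and files under 2,560 bytes being left alone). It is an added example, not part of the original guide; reading the "4-digit" extension as four letters or digits and the allow-list of ordinary extensions are assumptions.

```python
import os
import re
from collections import Counter

NOTE_NAME = "readme.hta"     # ransom note name given in this article
MIN_ENCRYPTED_SIZE = 2560    # article: smaller files are not encrypted
# Assumption: the "4-digit" extension is four letters or digits.
FOUR_CHAR_EXT = re.compile(r"\.([0-9a-z]{4})$")
# Constructed allow-list of ordinary four-character extensions.
KNOWN_EXTS = {"docx", "xlsx", "pptx", "jpeg", "html", "json", "tiff", "mpeg", "flac"}


def triage(root):
    """Walk root (read-only) and summarise folders showing the traits above."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        has_note = any(f.lower() == NOTE_NAME for f in files)
        suspects, small_files = [], []
        for name in files:
            if name.lower() == NOTE_NAME:
                continue
            size = os.path.getsize(os.path.join(folder, name))
            m = FOUR_CHAR_EXT.search(name.lower())
            if m and m.group(1) not in KNOWN_EXTS and size >= MIN_ENCRYPTED_SIZE:
                suspects.append((name, m.group(1)))
            elif size < MIN_ENCRYPTED_SIZE:
                # Below the threshold: expected to be untouched.
                small_files.append(name)
        if not has_note and not suspects:
            continue  # nothing of interest in this folder
        ext_counts = Counter(ext for _name, ext in suspects)
        top_ext = ext_counts.most_common(1)[0][0] if ext_counts else None
        report[folder] = {
            "ransom_note": has_note,
            "appended_ext": top_ext,
            "likely_encrypted": sorted(n for n, e in suspects if e == top_ext),
            "small_untouched": sorted(small_files),
        }
    return report


if __name__ == "__main__":
    import sys
    start = sys.argv[1] if len(sys.argv) > 1 else "."
    for folder, info in triage(start).items():
        print(folder, info)
```

The script only lists files; it changes nothing, so it can be run against a copy or an offline disk before any cleanup starts.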
Malware researchers have noticed intense competition between the developers of Cerber and Locky. These two cyber threats are the most popular and dangerous this year. Both ransomware viruses are similar, but it seems that the developers want to set their viruses apart. For example, Cerber 5 virus and its previous versions spread using the RIG-V exploit kit, while the developers of Locky use the RIG-E exploit kit. Locky has recently managed to step into Facebook and spread its executable file in .svg picture format; meanwhile, Cerber 4.1.6 started targeting and affecting the databases of corporations and organisations. Even though Cerber 5.0.1 ransomware and Osiris virus (the latest version of Locky) have just started spreading, this competition between two teams of evil-minded hackers does not promise anything good for computer users all over the world. For this reason, we recommend making backup copies right now and refreshing your knowledge of cyber safety.
Cerber’s distribution techniques
For a long time, the main distribution method has been malicious spam emails and their attachments. Cyber criminals learnt how to fool people and convince them to open an attached infected document. Cerber 5 virus is also widely spread using this technique; however, the developers found an even better strategy. The malware spreads with the help of the RIG-V exploit kit. This tool doesn’t need the user’s participation and can infiltrate the system by using the computer’s vulnerabilities or security flaws. Previously, victims had to click on a malicious attachment or link; now they just need to forget to update one of their programs and Cerber 5 malware might step inside. Meanwhile, Cerber 5.1.0 has been spotted spreading via Google and Tor2Web proxies. Therefore, the main tips for avoiding ransomware are being careful with unknown emails, not clicking suspicious content or entering high-risk websites, and keeping your software up-to-date.
The step-by-step guide for Cerber 5 removal
Before giving you the steps to remove Cerber 5, we have to remind you that you are dealing with one of the most hazardous viruses at the moment, so you must take its removal seriously. Do not try to get rid of the malware manually. Only experienced IT specialists can complete this difficult task; regular computer users might fail and damage their PCs even more. For Cerber 5 removal you have to install your preferred antivirus or anti-malware software. Keep in mind that you need a professional application; free or illegal programs will not help you! We recommend initiating Cerber’s removal with ReimageIntego or SpyHunter 5Combo Cleaner. However, before installing these programs, read the instructions below.
Getting rid of Cerber 5 virus. Follow these steps
In-depth guide for the Cerber 5 elimination
The elimination guide can appear too difficult if you are not tech-savvy. It requires some knowledge of computer processes since it includes system changes that need to be performed correctly. Take the steps carefully and follow the guide closely to avoid issues caused by improper setting changes. Automatic methods might suit you better if you find the guide too difficult.
Step 1. Launch Safe Mode with Networking
Safe Mode environment offers better results of manual virus removal
Windows 7 / Vista / XP
- Go to Start.
- Choose Shutdown, then Restart, and OK.
- When your computer boots, start pressing the F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) a few times until you see the Advanced Boot Options window.
- Select Safe Mode with Networking from the list.
Windows 10 / Windows 8
- Right-click the Start button and choose Settings.
- Scroll down to find Update & Security.
- On the left, pick Recovery.
- Scroll to find the Advanced Startup section.
- Click Restart now.
- Choose Troubleshoot.
- Go to Advanced options.
- Select Startup Settings.
- Press Restart.
- Choose 5) Enable Safe Mode with Networking.
Step 2. End questionable processes
Windows Task Manager lists all the processes running in the background. If the intruder has started any processes, you can shut them down:
- Press Ctrl + Shift + Esc keys to open Windows Task Manager.
- Click on More details.
- Scroll down to Background processes.
- Look for anything suspicious.
- Right-click and select Open file location.
- Go back to the Process tab, right-click and pick End Task.
- Delete the contents of the malicious folder.
Step 3. Check the program in Startup
- Press Ctrl + Shift + Esc on your keyboard again.
- Go to the Startup tab.
- Right-click on the suspicious app and pick Disable.
Step 4. Find and eliminate virus files
Data related to the infection can be hidden in various places. Follow the steps and you can find them:
- Type in Disk Cleanup in Windows search and press Enter.
- Select the drive you want to clean (C: is your main drive by default and is likely to be the one that contains the malicious files).
- Scroll through the Files to delete and select the following:
Temporary Internet Files
- Pick Clean up system files.
- You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):
After you are finished, reboot the PC in normal mode.
Eliminate Cerber 5 using System Restore
Step 1: Restart your computer in Safe Mode with Command Prompt
Windows 7 / Vista / XP
- Go to Start → Shutdown → Restart → OK.
- As soon as your computer starts, start pressing the F8 key repeatedly before the Windows logo shows up.
- Choose Command Prompt from the list.
Windows 10 / Windows 8
- Click on the Power button at the Windows login screen, and then press and hold Shift key on your keyboard. Then click Restart.
- Then select Troubleshoot → Advanced options → Startup Settings and click Restart.
- Once your computer starts, select Enable Safe Mode with Command Prompt from the list of options in Startup Settings.
Step 2: Perform a system restore to recover files and settings
- When the Command Prompt window appears, type in cd restore and press Enter.
- Then type rstrui.exe and hit Enter.
- In a new window that shows up, click the Next button and choose a restore point that was created before the infiltration of Cerber 5 and then click on the Next button again.
- To start system restore, click Yes.
Bonus: Restore your files
Using the tutorial provided above you should be able to eliminate Cerber 5 from the infected device. novirus.uk team has also prepared an in-depth data recovery guide which you will also find above.
There are a couple of methods you can apply to recover data encrypted by Cerber 5:
Recover files with Data Recovery Pro
Data Recovery Pro is a professional tool that might be helpful in data recovery. It has been created for restoring lost, accidentally deleted or encrypted files, so it might decrypt some of your files as well.
- Download Data Recovery Pro;
- Install Data Recovery on your computer following the steps indicated in the software’s Setup;
- Run the program to scan your device for the data encrypted by Cerber 5 ransomware;
- Recover the data.
Recover files with Windows Previous Versions feature
If the System Restore function was enabled before the Cerber 5 attack, you can try to recover individual files by following these steps:
- Right-click on the encrypted document you want to recover;
- Click “Properties” and navigate to “Previous versions” tab;
- In the “Folder versions” section look for the available file copies. Choose the desired version and press “Restore”.
Recover files with ShadowExplorer
If Cerber 5 ransomware hasn’t deleted Volume Shadow Copies, you can use ShadowExplorer tool for data recovery.
- Download Shadow Explorer (http://shadowexplorer.com/);
- Install Shadow Explorer on your computer following the instructions in the software’s Setup Wizard;
- Run the program. Navigate to the menu on the top-left corner and select a disk containing your encrypted files. Look through the available folders;
- When you find the folder you want to recover, right-click it and select “Export”. Also, choose where the recovered data will be stored.
It is strongly recommended to take precautions and secure your computer from malware attacks. To protect your PC from Cerber 5 and other dangerous viruses, you should install and keep a powerful malware removal tool, for instance, ReimageIntego, SpyHunter 5Combo Cleaner or Malwarebytes.
How to prevent getting ransomware
Prevent the government from spying on you
As there is a growing debate in government about collecting users' data and spying on citizens, you should take a closer look at this issue and find out what shady ways of gathering information can be used to collect information about you. You need to browse anonymously if you want to avoid any government-initiated spying and tracking of information.
You can enjoy secure internet browsing and minimize the risk of intrusion into your system if you use Private Internet Access VPN program. This VPN application creates a virtual private network and provides access to the required data without any content restrictions.
Control government and other third party access to your data and ensure safe web browsing. Even if you do not engage in illegal activities and trust your ISP, we recommend being careful about your security. You should take extra precautions and start using a VPN program.
Reduce the threat of viruses by backing up your data
Due to their own careless behavior, computer users can suffer various losses caused by cyber infections. Viruses can affect the functionality of the software or directly corrupt data on your system by encrypting it. These problems can disrupt the system and cause you to lose personal data permanently. There is no such threat if you have the latest backups, as you can easily recover lost data and get back to work.
It is recommended to update the backups in parallel each time the system is modified. This way, you will be able to access the latest saved data after an unexpected virus attack or system failure. By having the latest copies of important documents and projects, you will avoid serious inconveniences. File backups are especially useful if malware attacks your system unexpectedly. We recommend using the Data Recovery Pro program to restore the system.