Welcome!

Join our community of MMO enthusiasts and game developers! By registering, you'll gain access to discussions on the latest developments in MMO server files and collaborate with like-minded individuals. Join us today and unlock the potential of MMO server development!

Join Today!

how to decrypt cerber2 encrypted files

be good to beat evils
Member
Joined
Mar 27, 2008
Messages
1,027
Reaction score
292
good day ragezoners!

i dont know if this is the right section but,
today i am asking fro your help
may PC got infected with ransomeware cerber2
all nt docs, images, videos even some project solution
were infected(encrypted) with .cerber2 extension

i search the whole internet to solve my problem
but theres no such thing

the only way to fix the problem is to pay the ransom

anyone here got the same problem?
or any ideas how can i recover my files without paying bit coins

please i need insights
 
be good to beat evils
Member
Joined
Mar 27, 2008
Messages
1,027
Reaction score
292
@ TimeBomb

its not working anymore
they said it was fix by the cerber group
they enhance their encrypting method now



[h=1]CERBER RANSOMWARE DECRYPTION TOOL[/h]Unfortunately, following our report, the authors of Cerber managed to fix the flaw in their encryption process which enabled us to decrypt files encrypted by Cerber.During the time the decryptor was functional, hundreds of users managed to decrypt their files using our decryptor.We will continue to search for new ways to decrypt files encrypted by Cerber and other ransomware, and return them to their rightful owners.For additional information about the Cerber ransomware, visit the .
 
Initiate Mage
Joined
Aug 22, 2016
Messages
2
Reaction score
0
I had problems with cerber1 ransomware and from my experience I can recommend you:
1) Shadow copies recovery tools - ,
2) TrendMicro decryptor
3) Manual
 
Joined
May 23, 2008
Messages
1,071
Reaction score
574
That's too bad. The general idea behind ransomware is that you, or at least most people, are not able to decrypt it yourself. That's the exact opposite of what they're aiming for, right? Sounds like people were lucky with cerber1 and an exploit was found, but if there's nothing available for cerber2, you may be SOL, at least for now.
 
Initiate Mage
Joined
Aug 22, 2016
Messages
2
Reaction score
0
That sounds really sad... After facing cerber1 i think that must-do for all computer users who care about their data is to make backups of important data/hard drives and keep them in a USB/disk you normally keep disconnected from the computer.
 
be good to beat evils
Member
Joined
Mar 27, 2008
Messages
1,027
Reaction score
292
well i have choice
files are very important

so i decide to pay the ransom

and it does the job done.

its weird, i still thank them
even if they are the one doing the damage

sigh *_*
 
Joined
Feb 22, 2012
Messages
2,100
Reaction score
1,271
well i have choice
files are very important

so i decide to pay the ransom

and it does the job done.

its weird, i still thank them
even if they are the one doing the damage

sigh *_*

I'm sorry for the offtopic message, section mods, but...

Do you thank them for having your files encrypted against your will and being forced to pay? This seems pretty odd to me.



Getting ontopic now, I'm not sure how they work internally, but I wouldn't pay for them to release your files, because you are funding them (even you being forced to). Unfortunately, due to timing, you wouldn't have any other options unless pay them.
 
be good to beat evils
Member
Joined
Mar 27, 2008
Messages
1,027
Reaction score
292
@Droppy

yes i have no plan on paying them i waited for three days before their offer expired , i search on internet ask professionals , but then our files are office files since 2006
so i decided
to pay ransom
luckily their tool is working
but still 1.24 bitcoin hurts
 
Moderator
Staff member
Moderator
Joined
Feb 22, 2008
Messages
2,404
Reaction score
723
Can't we reverse the decrypt funcion if we have their tool now?
Its probably going to be packed but if the pack is removed maybe we can work something out and prevent this to happen again
 
Joined
Jun 23, 2010
Messages
2,318
Reaction score
2,195
Can't we reverse the decrypt funcion if we have their tool now?
Its probably going to be packed but if the pack is removed maybe we can work something out and prevent this to happen again

I thought the encrypt/decrypt keys where stored on their servers. if they're smart and I guess they're, then for every "infected" computer they generater new key pairs.

Unles they're stupid enough to retreive keys without checking for payment, then you're fucked.


A idea is to setup a Virtual machine and then monitor it's memory, hdd and network traffic being used.
 
Initiate Mage
Joined
Jun 14, 2017
Messages
1
Reaction score
0
It seems that this source has deeply learned about an issue and gives useful info concerning determination, scanning and avoiding such trash.
 
Back
Top