How to remove Cerber Ransomware
and restore your files

Never pay Hackers for your own files.
Read our guide and learn how to decrypt your files...

Ransomware is a type of software attack that is designed to block access to your computer's files until a fee is paid to the attacker. The attack gets its name from the criminal practice of keeping items from their owners to extort money to secure their safe release.It is advised not to pay attackers who hold your files for ransom as there is no guarantee that you will be given your files back. Ransoms can often be paid without the criminals releasing the files but instead asking for further payments.

Ransomware can come in many forms, shapes and sizes. A simple ransomware attack may take over your screen and lock your computer in a way that's difficult to reverse without specialist knowledge, whereas an advanced attack often encrypts the victim's files, rendering them unusable until a ransom payment is made to acquire the decryption key. Remember there is no guarantee that sending these criminal organisations the ransom will lead to the safe decryption of your files and paying often leads to repeated attacks.

Are ransomware attacks becoming more common?

Mcafee released data in 2013 which suggested it had collected more than a quarter of a million unique ransomware programs in the first quarter of 2013. This figure was more than double what they had recorded in the first quarter of 2012, which clearly illustrates the growth in popularity of the attack in recent years. Malware attacks like these can be initiated from many places including email attachments, torrents, fake software updates and some business owners have even said they were infected by CV attachments.Ransomware is a huge pain and Cerber ransomware is no different. Cerber is a ransomware-type malware that can infiltrate a PC system and encrypt all of the files on the disk. Once the files are encrypted, Cerber adds a .cerber extension to each file and demands ransom payment in order to decrypt them using the cerber ransomware removal tool.

One incredible feature is that the Cerber virus will not infect your PC if you are from Azerbaijan, Armenia, Belarus, Georgia, Kyrgyzstan, Kazakhstan, Moldova, Russia, Turkmenistan, Tajikistan, Ukraine, Uzbekistan.The ransom typically varies from 1.2 to 1.3 bitcoins which often has a monetary value of approximately 500USD. If left unpaid for seven days the price rises to 2.4BTC which can further encourage victims to pay for the decryption. Victims of cerber are instructed to pay their ransom by following the instructions given on the attacker's website using the anonymous Tor browser.



Cerber Ransomware

So how do you remove the ransomware and decrypt your files?

Unfortunately, there is no known way to currently decrypt the files that have been locked by the Cerber ransomware virus, although it is often said that computer experts are working to create a decryption tool or Cerber ransomware fix to help Cerber victims.We currently have two suggestions to remove the Ransomware:


1.Removing Cerber Ransomware using Safe mode with networking

Start your computer in Safe mode with Networking by pressing the F8 button on your keyboard multiple times during your computer's start up processes. This should bring up the Advanced Boot options, where you can select Safe mode with Networking from the list.Next, log into the infected account and Run your antivirus program. If you do not currently have an antivirus you can use the internet browser to download one and remove all entries found in your system.


2.Removing Cerber Ransomware using System Restore

Start your computer in Safe mode with Command Prompt by pressing the F8 button on your keyboard multiple times during your computer's start up processes. When this brings up the Advanced boot options menu, select Safe mode with Command Prompt from the list.Once the Command Prompt opens, enter the text "cd restore" and press ENTER.On the next line, enter the text "rstrui.exe" and press ENTER.A system restore window should now open, click next and select one of your restore points. This should restore your PC to a time and date prior to being infected with the cerber virus.


3.(Bonus) Restoring encrypted Cerber Ransomware files using Shadow files

Our third bonus option won't work for everybody but it is worth a try as it does work. It is a restore of your encrypted files from their shadow copies, with the idea relying on the workings of both the computer and the actions of the virus itself. Cerber can not change the files that it encrypts, it creates the encrypted copies and deletes the originals. In the precise moment the virus deletes the originals, your computer system makes shadow copies which can be used to restore the original files.

Ransomware is slowly becoming more common and effective with its attacks affecting both small and large businesses, halting productivity and destroying professional archives. Even on personal machines, the files and data affected by the virus are often important enough to encourage victims to pay the ransom for the cerber ransomware decryptor.

Avoiding the threat of ransomware attacks requires strong data protection protocols and the inclusion of proactive measures such as regularly taking back ups of your system so that system restore is a viable option. Traditional defences are usually set up in a reactive manner that may miss steps in an attack.


Always remember:

  • Disconnect or remove your infected drives from the Network
  • Use System Restore to go back to an earlier date (make sure it is before you were infected)
  • Scan your system for malware using Antivirus software
  • Do Not Pay Under Any Circumstances