Check Point Releases Cerber Ransomware Decrypter Tool

by CXOtoday News Desk    Aug 23, 2016

In a major relief for those affected by the Cerber ransomware who decided not to pay the ransom, the global security vendor Check Point has released the Cerber Ransomware Decrypter tool for victims whose data is encrypted by Cerber ransomware 1 and 2. The tool allows victims to recover their computer’s decryption key and decrypt their files for free.

Cerber ransomware is a deadly malware that uses Ransomware-as-a-Service infrastructure. It infects users through phishing emails and in the process encrypts files using the RC4 and RSA encryption methods.

What makes Cerber a real threat is the fact that it doesn’t require much effort from attackers to spread. For a small payment, even less-skilled attackers can get hold of the developers to obtain an undetected ransomware variant. They can then easily manage their active campaigns through a basic web interface.

A recent report by Check Point mentions, “Cerber affiliates currently run 161 active campaigns, infecting nearly 150,000 victims, with a total estimated profit of USD 195,000 in July 2016 alone. Each campaign runs separately using a different distribution method and unique packer. The most notable campaign primarily targets users in China and South Korea (Republic of Korea) using the Magnitude Exploit Kit.”

To use this service, victims can visit the CerberDecrypt.com site and upload an encrypted .CERBER or .CERBER2 file that is 1MB or smaller. Once the file is uploaded, Check Point will extract the private key associated with the victim’s computer and make it available for download. Victims must then download both the private key file, which will be named pk, and the decryptor to the same folder. Once a victim has downloaded both files, they can simply double-click on the decryptor to start scanning the computer for files to decrypt.