Best Security Search
Ransomware

Remove Cerber 4.1.5 and Fix Your Windows PC

The Cerber ransom-spree continues with Cerber 4.1.5. Similar to the older 4.X versions, Cerber 4.1.5 uses a four character extension for encrypted files. There are about half a dozen Cerer variants floating around the Internet. The virus demands payment in BitCoin for the decryption of locked files. The virus is dangerous, but it can still be removed. You can delete Cerber 4.1.5 with the help of this article.


Name
Cerber 4.1.5

File Extensions
random four character extension

Ransom
Around 1 BitCoin or $700

Solution #1
You can skip all steps and remove Cerber 4.1.5 with the help of an anti-malware tool.

Solution #2
Cerber 4.1.5 ransomware can be removed manually, though it can be very hard for most home users. See the detailed tutorial below.

Distribution
Email Spam, exploit kits.

Cerber 4.1.5 Ransomware Spam – How Does The Virus Spread?

Email spam is the main method of distribution in the Cerber ransomware family. Cerber 4.15 is no exception. The virus is spread through emails containing malicious attachments, most often ZIP files that hide infectious documents.

These documents, often word files will look like official Microsoft manuals. They’ll ask the victim to enable macros which will start the infection. The emails themselves may be masked to look like automated responses from a bot.


Protection against Cerber ransomware virus


You can protect your system from the Cerber ransomware family by following these simple guidelines:

  • Avoid clicking on suspicious links
  • Don’t download zip attachments from emails unless they were sent from a reliable source
  • Avoid making accounts to shady websites. That can add your email to a spambot list

Prevention is always the best medicine. That’s why it’s best to download an anti-malware tool that will warn you of cyber-security threats such as ransomware, browser hijackers, Trojans, adware, and more.

Can I Remove Cerber 4.1.5 Ransomware Virus?

The removal of Cerber 4.1.5 can be somewhat tricky for the average user. It requires tempering with the Windows’s settings and processes. This can be dangerous, as Cerber 4.1.5 is very dangerous virus. A small mistake can lead to loss of encrypted data. That’s why it’s better to leave the deletion process to a professionally developed anti-malware tool which can remove the virus. Additionally, the anti-malware tool will protect your PC from malware threats in the future.

October 13 Cerber 4.1.5 Ransomware Campaign Details

On October 13 malware researchers uncovered an attack bearing the Cerber 4.1.5 ransomware virus via the RIG Exploit Kit. The attack was of interest to the security experts as it allowed the security researchers to see how infections are made in live attacks. This particular incident was using three separate iterations of the exploit kit:

  • Rig-v – A customized version of the Rig Exploit Kit with new URL patterns, new landing page obfuscation mechanism and RC4 encoding of the payload. This has been used in the Afraidgate and pseudoDarkleech campaigns so far. Some experts name this as a “VIP” version of the dangerous software.
  • RIG-E – A variant of the RIG Exploit Kit that uses the old URL patterns and the same payload obfuscation teechniques and landing page structure. This is also known as the “Empire Pack”.
  • RIG Standard – A standard version like RIG-E that uses new URL patterns.

The virus was spread through a compromised web site that distributed the RIG Exploit kit. The campaign featured the following malware hosts:

  • joellipman.com – Compromised site
  • 109.234.35.232 port 80 – new.vividsydney.live – RIG-v
  • 65.55.50.0 – 65.55.50.31 (65.55.50.0/27) port 6892 – UDP traffic caused by Cerber
  • 192.42.118.0 – 192.42.118.31 (192.42.118.0/27)port 6892 – UDP traffic caused by Cerber
  • 194.165.16.0 – 194.165.19.255 (194.165.16.0/22) port 6892 – UDP traffic caused by Cerber
  • 104.238.215.11 port 80 – lfdachijzuwx4bc4.p7k7t4.top – HTTP traffic caused by Cerber

For more detailed information you can read the in-depth analysis here.

Cerber 4.1.5 Ransomware Removal

For a faster solution, you can run a scan with an advanced malware removal tool and delete Cerber 4.1.5 completely with a few mouse clicks.

STEP I: Start the PC in Safe Mode with Network
This will isolate all files and objects created by the ransomware so they will be removed efficiently.

    1) Hit WIN Key + R

Windows-key-plus-R-button-launch-Run-Box-in-Windows-illustrated

    2) A Run window will appear. In it, write “msconfig” and then press Enter
    3) A Configuration box shall appear. In it Choose the tab named “Boot
    4) Mark “Safe Boot” option and then go to “Network” under it to tick it too
    5) Apply -> OK

Or check our video guide – “How to start PC in Safe Mode with Networking

STEP II: Show Hidden Files

    1) Open My Computer/This PC
    2) Windows 7

      – Click on “Organize” button
      – Select “Folder and search options
      – Select the “View” tab
      – Go under “Hidden files and folders” and mark “Show hidden files and folders” option

    3) Windows 8/ 10

      – Open “View” tab
      – Mark “Hidden items” option

    show-hidden-files-win8-10

    4) Click “Apply” and then “OK” button

STEP III: Enter Windows Task Manager and Stop Malicious Processes

    1) Hit the following key combination: CTRL+SHIFT+ESC
    2) Get over to “Processes
    3) When you find suspicious process right click on it and select “Open File Location
    4) Go back to Task Manager and end the malicious process. Right click on it again and choose “End Process
    5) Next you should go folder where the malicious file is located and delete it

STEP IV: Remove Completely Cerber 4.1.5 Ransomware Using SpyHunter Anti-Malware Tool

Manual removal of Cerber 4.1.5 requires being familiar with system files and registries. Removal of any important data can lead to permanent system damage. Prevent this troublesome effect – delete Cerber 4.1.5 ransomware with SpyHunter malware removal tool.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

STEP V: Repair Windows Registry

    1) Again type simultaneously the Windows Button + R key combination
    2) In the box, write “regedit”(without the inverted commas) and hit Enter
    3) Type the CTRL+F and then write the malicious name in the search type field to locate the malicious executable
    4) In case you have discovered registry keys and values related to the name, you should delete them, but be careful not to delete legitimate keys

Further help for Windows Registry repair

STEP VI: Recover Encrypted Files

    1) Use present backups
    2) Restore your personal files using File History

      – Hit WIN Key
      – Type “restore your files” in the search box
      – Select “Restore your files with File History
      – Choose a folder or type the name of the file in the search bar

    restore-your-personal-files-using-File-History-bestecuritysearch

      – Hit the “Restore” button

    3) Using System Restore Point

      – Hit WIN Key
      – Select “Open System Restore” and follow the steps

restore-files-using-system-restore-point

STEP VII: Preventive Security Measures

    1) Enable and properly configure your Firewall.
    2) Install and maintain reliable anti-malware software.
    3) Secure your web browser.
    4) Check regularly for available software updates and apply them.
    5) Disable macros in Office documents.
    6) Use strong passwords.
    7) Don’t open attachments or click on links unless you’re certain they’re safe.
    8) Backup regularly your data.

The Review

50%

50%
Alex Dimchev

Alex Dimchev is a beat writer for Best Security Search. When he's not busy researching cyber-security matters, he enjoys sports and writing about himself in third person.