There is evidence of new Cerber version. Cerber 4.1.3 has just been spotted to be spread by cyber criminals. It is a malware of ransomware type. Thus upon infection Cerber 4.1.3 will encrypt all data stored on the infected computer utilizing strong encoding cipher. Then it will ask for a ransom payment in order to deliver decryption software for the data. If you are infected with the malware, read the article carefully and learn how to remove the threat from your computer.
| Name | Cerber 4.1.3 Ransomware |
| File Extensions | Four random symbols |
| Ransom | Varies |
| Solution #1 | Use an advanced anti-malware tool to remove Cerber 4.1.3 ransomware. |
| Solution #2 | Cerber 4.1.3 Ransomware can be removed manually, though it can be very hard for most home users. See the detailed tutorial below. |
| Distribution | The ransomware is distributed via different tactics – spam email campaigns, exploit kits and malicious URLs. |
Earlier this year security researchers have discovered weaknesses of Cerber ransomware code and released a free decryptor for the threat.
Since then the attackers have been upgrading the code so they have released Cerber2, Cerber3, Cerber4. Furthermore, two updated versions of the fourth variant have been pushed last week – Cerber 4.1.0 and Cerber 4.1.1. Obviously, this is not the end and this article is for the latest version of Cerber – 4.1.3. Meet the details of its features, distribution tactics, and instructions for its removal.
Cerber 4.1.3 Features
Once Cerber 4.1.3 successfully executes its malicious files, it starts a scan of all computer drives. The threat searches for all file types that are included in its target data list. When it detects a match it automatically starts encrypting the file. By utilizing strong encoding ciphers like AES, RSA or combination of both, it encrypts the files making them inaccessible. All video files, documents, images, audio files, databases stored on either internal or external drives and on connected cloud services can be affected by the malicious mechanism of Cerber 4.1.3 ransomware. At the final step of the encryption process the treat generates an unique extension that has four random symbols and attaches it at the end of the original file name. For example, a file with a name ‘data.doc’ will be given the unique name ‘data.doc.bed5’. Then the file becomes unable to be opened by any program.
Next, the threat displays a ransom note that serves as a notification for the victims. It informs them that they have to pay a certain amount of money if they want to receive the special “Cerber decryptor” software. This software will help them to access the files locked by Cerber 4.1.3. Usually attackers demand the ransom amount in Bitcoins. The wallpaper might be providing URLs to Onion network hosts that lead to payment pages.
The infection also modifies registry entries in order to run its encryption module each time the Windows OS is started. So interference in the registry sub-keys Run, and RunOnce might be observed.
Cerber 4.1.3 malicious files may be located in several Windows folders:
- %AppData%
- %Startup%
- %System32%
- %Windows%
- %Local%
- %Roaming%
Distribution Techniques
Similar to the previous Cerber version 4 variants, the ransomware may be spread via spam emails that have attached malicious HTML or JavaScript files compressed in an archive. Another spread method may be utilizing malicious web links that once accessed download the malicious payloads of the threat on the computer.
How to get rid of Cerber 4.1.3?
Cerber version 4.1.3 is an advanced threat that has to be removed from the computer as soon as possible. The instructions below will help you to go through the removal steps. We also strongly advise you to consider an automatic approach that will delete all registry entries and malicious files associated with Cerber 4.1.3. Furthermore, the computer will be secured from future malware intrusions.
Meanwhile, make backup copies of the encrypted files and keep them until there is available decryption tool. As an alternative recovery method, you can use data recovery software.
Cerber 4.1.3 Ransomware Removal
STEP I: Start the PC in Safe Mode with Network
This will isolate all files and objects created by the ransomware so they will be removed efficiently.
- 1) Hit WIN Key + R
- 2) A Run window will appear. In it, write “msconfig” and then press Enter
3) A Configuration box shall appear. In it Choose the tab named “Boot”
4) Mark “Safe Boot” option and then go to “Network” under it to tick it too
5) Apply -> OK
Or check our video guide – “How to start PC in Safe Mode with Networking”
STEP II: Show Hidden Files
- 1) Open My Computer/This PC
2) Windows 7
- – Click on “Organize” button
– Select “Folder and search options”
– Select the “View” tab
– Go under “Hidden files and folders” and mark “Show hidden files and folders” option
3) Windows 8/ 10
- – Open “View” tab
– Mark “Hidden items” option
4) Click “Apply” and then “OK” button
STEP III: Enter Windows Task Manager and Stop Malicious Processes
- 1) Hit the following key combination: CTRL+SHIFT+ESC
2) Get over to “Processes”
3) When you find suspicious process right click on it and select “Open File Location”
4) Go back to Task Manager and end the malicious process. Right click on it again and choose “End Process”
5) Next you should go folder where the malicious file is located and delete it
STEP IV: Remove Completely Cerber 4.1.3 Ransomware Using SpyHunter Anti-Malware Tool
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
STEP V: Repair Windows Registry
- 1) Again type simultaneously the Windows Button + R key combination
2) In the box, write “regedit”(without the inverted commas) and hit Enter
3) Type the CTRL+F and then write the malicious name in the search type field to locate the malicious executable
4) In case you have discovered registry keys and values related to the name, you should delete them, but be careful not to delete legitimate keys
Further help for Windows Registry repair
STEP VI: Recover Encrypted Files
- 1) Use present backups
2) Restore your personal files using File History
- – Hit WIN Key
– Type “restore your files” in the search box
– Select “Restore your files with File History”
– Choose a folder or type the name of the file in the search bar
- – Hit the “Restore” button
3) Using System Restore Point
- – Hit WIN Key
– Select “Open System Restore” and follow the steps
STEP VII: Preventive Security Measures
- 1) Enable and properly configure your Firewall.
2) Install and maintain reliable anti-malware software.
3) Secure your web browser.
4) Check regularly for available software updates and apply them.
5) Disable macros in Office documents.
6) Use strong passwords.
7) Don’t open attachments or click on links unless you’re certain they’re safe.
8) Backup regularly your data.
