Cerber3 Ransomware

Cerber3 Ransomware Description

The Cerber3 Ransomware is a new version of a well-known ransomware Trojan. The Cerber Ransomware Trojan now uses a slightly different method during its attack. The main difference is that the files infected by the Cerber3 Ransomware can be identified through the use of .CERBER3 as the extension that identifies the files that have been encrypted in the attack. PC security analysts had observed a Cerber2 variant of this attack previously. This numbering system may indicate new versions of software, and threats are no exception. The appearance of the Cerber3 Ransomware indicates that the Cerber ransomware family is being developed and updated currently.

The Cerber3 Ransomware and Possible Updates to this Threat

The Cerber3 Ransomware was discovered recently, around the end of August of 2016. The Cerber3 Ransomware presents minor differences from previous versions of this threat. However, it seems that most of the differences are external and that the threat attack is the same essentially. Since the Cerber3 Ransomware is being improved currently, it is likely that new versions or more differences will be uncovered in the following weeks. The reaction of the con artists responsible for this threat may be because a free decryption utility for this threat was released by PC security analysts this year. It seems that this free decryption utility will not work with the Cerber3 Ransomware variant on this attack.

The Cerber3 Ransomware is the Third Version of the Cerber Ransomware

The Cerber3 Ransomware delivers its ransom note in a file named '# HELP DECRYPT #.txt,' which is drops in directories where the Cerber3 Ransomware has encrypted files. The Cerber3 Ransomware ransom note contains information on how to pay by using BitCoins and the Tor browser, and about the attack. Before you pay the ransom, however, malware researchers advise computer users to consider that it is unlikely that the con artists will provide the means to decrypt the files immediately and, even if they do, the payment will be used to continue developing the Cerber3 Ransomware and other threats. It is highly likely that a new decryption tool will be released to deal with the Cerber3 Ransomware variant since it is still essentially the same attack as the first version of this threat.

How the Cerber3 Ransomware may Enter a Computer

The Cerber3 Ransomware, like most Trojans, enters a computer disguised as something else. Many situations may lead to an infection with Trojans like the Cerber3 Ransomware. The most common method is by opening a corrupted email attachment. The Cerber3 Ransomware also may be distributed through unsafe online advertisements or by distributing it on peer-to-peer file sharing networks. Malware analysts strongly advise that computer users take steps to avoid possibly unsafe websites and precautions when dealing with unsolicited email messages and attachments. The best method to ensure that the Cerber3 Ransomware does not enter your computer is to use a security app that is fully up-to-date and has a good anti-spam filter that will prevent corrupted email messages from entering your email inbox (or at least reduce their frequency greatly).

Dealing with the Cerber3 Ransomware

Unfortunately, the reason why threats like the Cerber3 Ransomware and other ransomware Trojans have become so popular among con artists is that they are very difficult to deal with. Even if the Cerber3 Ransomware is removed with an anti-virus program, the victim's files will still be encrypted and useless until the ransom is paid or an appropriate decryption utility is found (which is not common, since these threats tend to use strong encryption methods in their attacks). Because of this, it is important that computer users have good file backup procedures, and appropriate preventive measures and training are established to lower the risk of a Cerber3 Ransomware infection or other, similar ransomware Trojan attacks.

Infected with Cerber3 Ransomware? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect Cerber3 Ransomware
* SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

Infection Statistics


Our MalwareTracker shows malware activity across the world. Explore real-time data of Cerber3 Ransomware outbreaks and other threats from global to local level.

File System Details

Cerber3 Ransomware creates the following file(s):
# File Name Size MD5 Detection Count
1 %WINDIR%\system32\config\systemprofile\AppData\Roaming\{BC938CB2-9C1B-4D74-24DE-2E5EC4C86636}\dcomcnfg.exe 727,846 dc68c7b1c3042dd4d40ee946dee1981a 4,200
2 %WINDIR%\system32\config\systemprofile\AppData\Roaming\{D356F669-87E8-7418-7B35-4816AA44C40C}\LocationNotifications.exe 782,080 031a213144c5ff102217ddc00adf66d0 1,869
3 %WINDIR%\system32\config\systemprofile\AppData\Roaming\{2B00BCC3-42B1-1D8E-FBA1-383F3D0BDE8C}\help.exe 439,427 22b3148a9cbfa38086e8f683c95964f9 1,598
4 %WINDIR%\system32\config\systemprofile\AppData\Roaming\{1AA55626-AC56-4563-CBB6-A483C4E722F7}\Utilman.exe 204,434 056f18639bf6adea8c35cfc5e32cd0e3 1,089
5 %APPDATA%\{11639717-8C09-D566-9EF6-AD45260A8C71}\ReAgentc.exe 195,204 4655d3e3498f075562f14ba38b2f5e60 802
6 %APPDATA%\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe 945,152 4ed76fc058b1017fcb0da50f0750e487 584
7 %WINDIR%\system32\config\systemprofile\AppData\Roaming\{62E00AE3-5835-75AF-A74E-DAB5F6089633}\shrpubw.exe 188,039 356ea1ee79f9c1f7a4b713028c7f20b5 578
8 %APPDATA%\{B14B87F0-9419-EA86-FF2F-CD5423FD306A}\SynHelper.exe 304,640 519a98004850bb8d671b37ad5a679531 395
9 %APPDATA%\{51FBCA03-C471-95E3-EEA4-70CE8949A24D}\pricefountainupdateverupdate.exe 274,944 b72c37b239dd2f4dad1f386b3a4b911e 385
10 %WINDIR%\system32\config\systemprofile\AppData\Roaming\{B9B945ED-24CB-0419-99B9-7B5BA171E83F}\WPDShextAutoplay.exe 396,032 20feb4e0a8e32043b17e21e9744a13d6 350
11 %APPDATA%\{6A98394A-0B2B-0A56-25B4-AF47E9810A94}\icardagt.exe 397,568 39462c44f21cfaae2d5b1754218f784a 340
12 %APPDATA%\{5F7A8D01-0C53-8D9C-514D-77B40E2F3EA9}\UpdateTask.exe 396,800 ef7c094275615af779d155a1e481683d 338
13 %APPDATA%\{52155399-0CAC-C1D6-31F0-7B8667476241}\SyncTask.exe 408,576 ab632e4d74f52279a7c1f880439f612b 264
14 %APPDATA%\{4BCF77F0-80E3-4C98-E6BE-33D7B8E78393}\syncversion.exe 371,200 ae68f524aa1db4871bda6613616d43c8 256
15 %APPDATA%\{081C35F3-6243-81A1-3A45-093C032C2E9A}\mountvol.exe 212,269 064de7c80f1e37a70ca7b6b72113f3a3 254
More files

Site Disclaimer

2 Comments

  • Peter David:

    If I have already "contracted this virus" should I remove the hard disk affected, or can I continue working with them (as I see NEW files added to computer remain intact and readable} ?

  • santhoshkumartadela:

    How to recover the data after cerber3 is hacked

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 3 + 12 ?