Cerber 6 Ransomware Removal Report

Cerber 6 Ransomware Description

Type: Ransomware

The Cerber family of ransomware is known for its sophistication and its development of cutting- edge threats technology. PC security researchers have noticed a new variant in this family, the Cerber 6 Ransomware, which first appeared in April 2017. The Cerber 6 Ransomware is being delivered in a wide variety of ways and seems to include new encryption methods and attack strategies.

The Threat Presented by a Cerber 6 Ransomware Attack

The members of the Cerber family have been near the top of the charts of most widely disseminated ransomware threats. In fact, threats in this family accounted for more than 85% of ransomware infections in the first quarter of 2017. The Cerber 6 Ransomware and its previous variants have been responsible for generating millions of dollars for its creators around the world. One of the reasons why the Cerber 6 Ransomware has been especially effective in generating revenue is that it is being distributed as a RaaS (Ransomware as a Service) currently, where con artists pay for the rights to distribute the Cerber 6 Ransomware, sharing the profits with the Cerber Ransomware's creators.

The New Features in the Cerber 6 Ransomware

The Cerber 6 Ransomware features new delivery methods and a newly updated encryption method. The Cerber 6 Ransomware also includes new defense mechanisms and obfuscation, which include techniques that allow the Cerber 6 Ransomware to bypass many security programs or to detect when it is running in a sandbox environment or virtual system (both of which may be used by PC security researchers to study these threats.) It is clear that threats in the Cerber family are being updated constantly and, since its appearance in 2016, with new versions in this family adding new features, staying ahead of malware researchers and security software.

The Cerber 6 Ransomware is being delivered to victims using spam email messages currently. The Cerber 6 Ransomware is being delivered in emails that use social engineering to trick computer users into opening a ZIP file attachment, which itself contains a JS, or JavaScript file. This corrupted JavaScript file downloads and installs the Cerber 6 Ransomware on the victim's computer. The Cerber 6 Ransomware uses a time delay that allows it to avoid certain sandbox environments. There are several features in the Cerber 6 Ransomware that have caught the attention of malware researchers. The Cerber 6 Ransomware will terminate file processes that could interfere with its encryption routine. The Cerber 6 Ransomware will use file extensions to avoid certain files during encryption. The Cerber 6 Ransomware can interfere with the Windows Firewall, blocking certain firewalls and interfering with security software and restrictions. The detection and removal of a Cerber 6 Ransomware infection will be more difficult due to this interference. The Cerber 6 Ransomware also can self-destruct if the computer has characteristics of a virtualized environment.

One aspect of the Cerber 6 Ransomware that makes it different from various other ransomware Trojans is that it has avoided the use of the RSA and RC4 encryption algorithms in its attacks, which are the most commonly used in these attacks. The Cerber 6 Ransomware attack favors the Cryptographic Application Programming Interface to carry out its encryption attack.

Protecting Your Computer from the Cerber 6 Ransomware and Similar Trojans

Despite that the Cerber 6 Ransomware includes advanced new features, the way to protect your computer from the Cerber 6 Ransomware remains the same as with the countless other ransomware variants that have preceded it. Having backup copies of your files on an external memory device remains (and will remain) the best protection against ransomware like the Cerber 6 Ransomware. This is because having the ability to restore the affected files from a backup copy undoes the Cerber 6 Ransomware attack completely since the con artists lose any power they have over the victim.

Technical Information

Screenshots & Other Imagery

SpyHunter Detects & Remove Cerber 6 Ransomware

File System Details

Cerber 6 Ransomware creates the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detection Count
1	_README_HRZVCO6_.hta	16b5a4fe87e1a3eec470a47a33c6630e	61
Name: _README_HRZVCO6_.hta MD5: 16b5a4fe87e1a3eec470a47a33c6630e Size: 67.74 KB (67748 bytes) Detection Count: 61 Path: %ALLUSERSPROFILE%\ Group: Malware file Last Updated: April 28, 2017
2	_README_IAXO29_.hta	57acadeabfc8883af78bbeb9dc2199bf	21
Name: _README_IAXO29_.hta MD5: 57acadeabfc8883af78bbeb9dc2199bf Size: 67.74 KB (67748 bytes) Detection Count: 21 Path: %APPDATA%\ Group: Malware file Last Updated: April 28, 2017
3	_HELP_HELP_HELP_QUCBCBS1_.hta	c042f1d91619e9b4f91bf1e1b78fee85	14
Name: _HELP_HELP_HELP_QUCBCBS1_.hta MD5: c042f1d91619e9b4f91bf1e1b78fee85 Size: 75.86 KB (75864 bytes) Detection Count: 14 Path: %APPDATA%\ Group: Malware file Last Updated: April 15, 2017
4	_HELP_HELP_HELP_RSHI_.hta	a46e5f2ce8a20bbb8548959debb9ac0c	10
Name: _HELP_HELP_HELP_RSHI_.hta MD5: a46e5f2ce8a20bbb8548959debb9ac0c Size: 75.9 KB (75904 bytes) Detection Count: 10 Path: %USERPROFILE%\Start Menu\Programs\Startup\ Group: Malware file Last Updated: April 15, 2017
5	_HELP_HELP_HELP_STOV8H1_.hta	1632ca0953d5499bf251455159a80ea0	6
Name: _HELP_HELP_HELP_STOV8H1_.hta MD5: 1632ca0953d5499bf251455159a80ea0 Size: 75.86 KB (75864 bytes) Detection Count: 6 Path: %USERPROFILE%\Start Menu\Programs\Startup\ Group: Malware file Last Updated: April 15, 2017
6	amanda.exe	5d01ac55674af365c67d4579b38fbe75	5
Name: amanda.exe MD5: 5d01ac55674af365c67d4579b38fbe75 Size: 186.3 KB (186301 bytes) Detection Count: 5 Type: Executable File Path: %APPDATA%\ Group: Malware file Last Updated: March 31, 2017
7	_HELP_HELP_HELP_ND8FZ.hta	041ef4b6a12e0b3165172884301b0d1e	5
Name: _HELP_HELP_HELP_ND8FZ.hta MD5: 041ef4b6a12e0b3165172884301b0d1e Size: 75.78 KB (75787 bytes) Detection Count: 5 Path: %APPDATA%\ Group: Malware file Last Updated: April 15, 2017
8	_HELP_HELP_HELP_Z49XU_.hta	243d0fd4f4bee5f11698c20d43b958ff	4
Name: _HELP_HELP_HELP_Z49XU_.hta MD5: 243d0fd4f4bee5f11698c20d43b958ff Size: 75.86 KB (75862 bytes) Detection Count: 4 Path: %APPDATA%\ Group: Malware file Last Updated: April 15, 2017
9	_HELP_HELP_HELP_XJ7UC8.hta	4ab1a256a5115d00fa7a3222936ddc03	3
Name: _HELP_HELP_HELP_XJ7UC8.hta MD5: 4ab1a256a5115d00fa7a3222936ddc03 Size: 75.78 KB (75787 bytes) Detection Count: 3 Path: %APPDATA%\ Group: Malware file Last Updated: April 15, 2017
10	_HELP_HELP_HELP_WMB7F1L.hta	9befacccf34d60ad1f141e531ddbba52	3
Name: _HELP_HELP_HELP_WMB7F1L.hta MD5: 9befacccf34d60ad1f141e531ddbba52 Size: 75.78 KB (75787 bytes) Detection Count: 3 Path: %APPDATA%\ Group: Malware file Last Updated: April 15, 2017
11	_HELP_HELP_HELP_XFCV_.hta	01ec9e50d17de043a23997d6562293ad	3
Name: _HELP_HELP_HELP_XFCV_.hta MD5: 01ec9e50d17de043a23997d6562293ad Size: 75.9 KB (75904 bytes) Detection Count: 3 Path: %APPDATA%\ Group: Malware file Last Updated: April 15, 2017
12	_HELP_HELP_HELP_2AK4U21_.hta	55790c64ce1ff75647d5cadcadf3876e	3
Name: _HELP_HELP_HELP_2AK4U21_.hta MD5: 55790c64ce1ff75647d5cadcadf3876e Size: 75.89 KB (75898 bytes) Detection Count: 3 Path: %APPDATA%\ Group: Malware file Last Updated: April 15, 2017
13	Larry.dll	c8345f17fe15861cca78b45414357f6c	2
Name: Larry.dll MD5: c8345f17fe15861cca78b45414357f6c Size: 64 KB (64000 bytes) Detection Count: 2 Type: Dynamic link library Path: %SystemDrive%\Users\erik\AppData\Roaming\ Group: Malware file Last Updated: December 23, 2016
14	_HELP_HELP_HELP_3NNARI.hta	0ef13a9213c456db231825061eec294c	2
Name: _HELP_HELP_HELP_3NNARI.hta MD5: 0ef13a9213c456db231825061eec294c Size: 75.78 KB (75787 bytes) Detection Count: 2 Path: %APPDATA%\ Group: Malware file Last Updated: April 15, 2017
15	_HELP_HELP_HELP_L41VV_.hta	c63b4a524713e4c5f3802463cb46dab8	2
Name: _HELP_HELP_HELP_L41VV_.hta MD5: c63b4a524713e4c5f3802463cb46dab8 Size: 75.86 KB (75864 bytes) Detection Count: 2 Path: %APPDATA%\ Group: Malware file Last Updated: April 15, 2017
16	_READ_THI$_FILE_L81EB65A_.hta	2a6828d2ba37bb97efb4773619b80715	2
Name: _READ_THI$_FILE_L81EB65A_.hta MD5: 2a6828d2ba37bb97efb4773619b80715 Size: 77.01 KB (77010 bytes) Detection Count: 2 Path: %APPDATA%\ Group: Malware file Last Updated: April 15, 2017
17	_HELP_HELP_HELP_KJ2P.hta	6689ad9f43ab19a1ccfad9db6a16b772	1
Name: _HELP_HELP_HELP_KJ2P.hta MD5: 6689ad9f43ab19a1ccfad9db6a16b772 Size: 75.78 KB (75787 bytes) Detection Count: 1 Path: %APPDATA%\ Group: Malware file Last Updated: April 15, 2017
18	_HELP_HELP_HELP_IGTRU.hta	c1ea46e1877d089983a4d9060997b04f	1
Name: _HELP_HELP_HELP_IGTRU.hta MD5: c1ea46e1877d089983a4d9060997b04f Size: 75.78 KB (75787 bytes) Detection Count: 1 Path: %APPDATA%\ Group: Malware file Last Updated: April 15, 2017
19	_HELP_HELP_HELP_5B3HEZ6.hta	b10e6f69d0c16008410b5c8cfaae0138	1
Name: _HELP_HELP_HELP_5B3HEZ6.hta MD5: b10e6f69d0c16008410b5c8cfaae0138 Size: 75.78 KB (75787 bytes) Detection Count: 1 Path: %APPDATA%\ Group: Malware file Last Updated: April 15, 2017
20	_HELP_HELP_HELP_8EWN8.hta	6f59455817d32c34ae35aac63043f285	1
Name: _HELP_HELP_HELP_8EWN8.hta MD5: 6f59455817d32c34ae35aac63043f285 Size: 75.78 KB (75787 bytes) Detection Count: 1 Path: %APPDATA%\ Group: Malware file Last Updated: April 15, 2017
21	_HELP_HELP_HELP_2R9I63OS.hta	a2daec078c54bb6bc5e96038a1506f2c	1
Name: _HELP_HELP_HELP_2R9I63OS.hta MD5: a2daec078c54bb6bc5e96038a1506f2c Size: 75.78 KB (75787 bytes) Detection Count: 1 Path: %APPDATA%\ Group: Malware file Last Updated: April 15, 2017
22	_HELP_HELP_HELP_UYUR4YE.hta	bc0c75128b9cbc02c8c053c1155fb6d9	1
Name: _HELP_HELP_HELP_UYUR4YE.hta MD5: bc0c75128b9cbc02c8c053c1155fb6d9 Size: 75.79 KB (75794 bytes) Detection Count: 1 Path: %APPDATA%\ Group: Malware file Last Updated: April 15, 2017
23	_HELP_HELP_HELP_CKJ4GL.hta	99d3fc208d3623107cfb18a9069e23bd	1
Name: _HELP_HELP_HELP_CKJ4GL.hta MD5: 99d3fc208d3623107cfb18a9069e23bd Size: 75.78 KB (75787 bytes) Detection Count: 1 Path: %SystemDrive%\Documents and Settings\STEVE\Application Data\ Group: Malware file Last Updated: April 15, 2017
24	_HELP_HELP_HELP_SUXEZY_.hta	5190e890725bf431ba44001e190c70f5	1
Name: _HELP_HELP_HELP_SUXEZY_.hta MD5: 5190e890725bf431ba44001e190c70f5 Size: 75.9 KB (75904 bytes) Detection Count: 1 Path: %APPDATA%\ Group: Malware file Last Updated: April 15, 2017
25	_HELP_HELP_HELP_GLP9_.hta	5f7533c663ddb4c0ae4dbbaafb50d491	1
Name: _HELP_HELP_HELP_GLP9_.hta MD5: 5f7533c663ddb4c0ae4dbbaafb50d491 Size: 75.86 KB (75864 bytes) Detection Count: 1 Path: %APPDATA%\ Group: Malware file Last Updated: April 15, 2017
26	_HELP_HELP_HELP_HUUKTW_.hta	0224da72bc3638b351cf509cdfc443c2	1
Name: _HELP_HELP_HELP_HUUKTW_.hta MD5: 0224da72bc3638b351cf509cdfc443c2 Size: 75.86 KB (75864 bytes) Detection Count: 1 Path: %APPDATA%\ Group: Malware file Last Updated: April 15, 2017
27	_READ_THI$_FILE_DB3DT9_.hta	7476a75b0680d99f5338b886bc7def62	1
Name: _READ_THI$_FILE_DB3DT9_.hta MD5: 7476a75b0680d99f5338b886bc7def62 Size: 77.05 KB (77053 bytes) Detection Count: 1 Path: %APPDATA%\ Group: Malware file Last Updated: April 15, 2017
28	wP6fT.exe	731279e3c09f8e52a849c0a9c1043bb5	1
Name: wP6fT.exe MD5: 731279e3c09f8e52a849c0a9c1043bb5 Size: 322.56 KB (322560 bytes) Detection Count: 1 Type: Executable File Path: %APPDATA%\ Group: Malware file Last Updated: July 18, 2017

More files

Registry Details

Cerber 6 Ransomware creates the following registry entry or registry entries:

File name without path

# DECRYPT MY FILES #.html

# DECRYPT MY FILES #.url

# DECRYPT MY FILES #.vbs

_README_.hta

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Ranking:	5,797
Threat Level:	100 % (High)
Infected Computers:	71,647

First Seen:	March 4, 2016
Last Seen:	April 30, 2022
OS(es) Affected:	Windows

Cerber 6 Ransomware

Cerber 6 Ransomware Description

The Threat Presented by a Cerber 6 Ransomware Attack

The New Features in the Cerber 6 Ransomware

Protecting Your Computer from the Cerber 6 Ransomware and Similar Trojans

Technical Information

Screenshots & Other Imagery

SpyHunter Detects & Remove Cerber 6 Ransomware

File System Details

Registry Details

Site Disclaimer

Your comment is awaiting moderation.

Please verify that you are not a robot.

Leave a Reply

EnigmaSoft Threat Scorecard

Popular Malware

Popular Trojans

Popular Ransomware

Popular Issues

Popular How-Tos

Products

Malware Research

Company

Legal