CerBerSysLock Ransomware

CerBerSysLock Ransomware Description

The CerBerSysLock Ransomware is an encryption ransomware Trojan that was observed on December 7, 2017. The CerBerSysLock Ransomware is connected to the Xorist Ransomware, an encryption ransomware Trojan that uses the XOR encryption to make the victim's files inaccessible, rather than the more popular combination of the AES and RSA encryptions. The CerBerSysLock Ransomware also uses the XOR encryption to make the victims' files unusable. The CerBerSysLock Ransomware, like most encryption ransomware Trojans, spreads using corrupted email attachments, which are connected to spam email messages and social engineering tactics.

Can Your System be Locked by the CerBerSysLock Ransomware?

The CerBerSysLock Ransomware connects to its Command and Control servers to keep the decryption key used to restore the victim's files away from the victim. When the CerBerSysLock Ransomware encrypts the files, they cannot be restored without the decryption key. The CerBerSysLock Ransomware makes it easy for the victim to know which files have been encrypted by adding the file extension '.CerBerSysLocked0009881' to the end of the file's name. The number that follows the string '.CerBerSysLocked' seems to be a unique ID number for each victim. The CerBerSysLock Ransomware will target a wide variety of the user-generated files in its attack. These files may include databases, archives, audio, video, texts, images, and numerous other file types. The file extensions below are examples of the many file types that may be compromised by attacks like the CerBerSysLock Ransomware's:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip

The CerBerSysLock Ransomware's Ransom Note

The CerBerSysLock Ransomware delivers a text file named 'HOW TO DECRYPT FILES.txt' to the victim's computer following the encryption of the targeted files. This file delivers a ransom message that threatens the victim with the permanent loss of the affected files unless a ransom is paid. The text of the CerBerSysLock Ransomware's ransom note reads:

'Problem with your Files ?
Don't worry! Your files are SAFE!
Files are Backed up by our Service!
You need to buy Cerber Decryptor v5.0 updated 2017-November
Hi, I'am CERBER RANSOMWARE ?
YOUR DOCUMENTS, PHOTOS, DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED!
The only way to decrypt your files is to receive the private key and decryption program.
Contact Email : TerraBytefiles@scryptmail.com
Subject PRIVATE-ID: CerBerSysLocked0009881
!!! ANY ATTEMPTS TO RESTORE YOUR FILES WITH THE THIRD-PARTY SOFTWARE WILL BE FATAL FOR YOUR FILES. !!!
!!! IF YOU ATTEMPT TO RECOVER YOUR DATA WITH OTHER SOFTWARE THE RANSOMWARE WILL SE THIS ACTION.!!!
!!! AND WILL GENERATE ANOTHER CODE ON THE FILES THAT WILL BE IMPOSSIBLE TO RECOVER THEM BACK.!!!
!!!!!PLEASE NE REZONABLE!!!!!
!!! AND FOLLOW THE INSTRUCTION BY CONTACTING THE EMAIL ADDRESS ABOVE. !!!'

The payment of the ransom is not a recommended decision, as well as contacting the people responsible for the attack at the email address associated with the CerBerSysLock Ransomware. Instead of paying the CerBerSysLock Ransomware ransom, computer users should ensure that they have backup copies of their files. This way, they can restore their files from a backup copy after an attack rather than having to deal with these people and their unreasonable ransom demands.

Do You Suspect Your PC May Be Infected with CerBerSysLock Ransomware & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like CerBerSysLock Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.