CerBerSysLock Ransomware

CerBerSysLock Ransomware Description

The CerBerSysLock Ransomware is an encryption ransomware Trojan that was observed on December 7, 2017. The CerBerSysLock Ransomware is connected to the Xorist Ransomware, an encryption ransomware Trojan that uses the XOR encryption to make the victim's files inaccessible, rather than the more popular combination of the AES and RSA encryptions. The CerBerSysLock Ransomware also uses the XOR encryption to make the victims' files unusable. The CerBerSysLock Ransomware, like most encryption ransomware Trojans, spreads using corrupted email attachments, which are connected to spam email messages and social engineering tactics.

Can Your System be Locked by the CerBerSysLock Ransomware?

The CerBerSysLock Ransomware connects to its Command and Control servers to keep the decryption key used to restore the victim's files away from the victim. When the CerBerSysLock Ransomware encrypts the files, they cannot be restored without the decryption key. The CerBerSysLock Ransomware makes it easy for the victim to know which files have been encrypted by adding the file extension '.CerBerSysLocked0009881' to the end of the file's name. The number that follows the string '.CerBerSysLocked' seems to be a unique ID number for each victim. The CerBerSysLock Ransomware will target a wide variety of the user-generated files in its attack. These files may include databases, archives, audio, video, texts, images, and numerous other file types. The file extensions below are examples of the many file types that may be compromised by attacks like the CerBerSysLock Ransomware's:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip

The CerBerSysLock Ransomware's Ransom Note

The CerBerSysLock Ransomware delivers a text file named 'HOW TO DECRYPT FILES.txt' to the victim's computer following the encryption of the targeted files. This file delivers a ransom message that threatens the victim with the permanent loss of the affected files unless a ransom is paid. The text of the CerBerSysLock Ransomware's ransom note reads:

'Problem with your Files ?
Don't worry! Your files are SAFE!
Files are Backed up by our Service!
You need to buy Cerber Decryptor v5.0 updated 2017-November
Hi, I'am CERBER RANSOMWARE ?
YOUR DOCUMENTS, PHOTOS, DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED!
The only way to decrypt your files is to receive the private key and decryption program.
Contact Email : TerraBytefiles@scryptmail.com
Subject PRIVATE-ID: CerBerSysLocked0009881
!!! ANY ATTEMPTS TO RESTORE YOUR FILES WITH THE THIRD-PARTY SOFTWARE WILL BE FATAL FOR YOUR FILES. !!!
!!! IF YOU ATTEMPT TO RECOVER YOUR DATA WITH OTHER SOFTWARE THE RANSOMWARE WILL SE THIS ACTION.!!!
!!! AND WILL GENERATE ANOTHER CODE ON THE FILES THAT WILL BE IMPOSSIBLE TO RECOVER THEM BACK.!!!
!!!!!PLEASE NE REZONABLE!!!!!
!!! AND FOLLOW THE INSTRUCTION BY CONTACTING THE EMAIL ADDRESS ABOVE. !!!'

The payment of the ransom is not a recommended decision, as well as contacting the people responsible for the attack at the email address associated with the CerBerSysLock Ransomware. Instead of paying the CerBerSysLock Ransomware ransom, computer users should ensure that they have backup copies of their files. This way, they can restore their files from a backup copy after an attack rather than having to deal with these people and their unreasonable ransom demands.

Technical Information

Registry Details

CerBerSysLock Ransomware creates the following registry entry or registry entries:
Regexp file mask
%ALLUSERSPROFILE%\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.


HTML is not allowed.