
CerBerSysLock Ransomware

Threat Scorecard

Ranking: 17,035
Threat Level: 100 % (High)
Infected Computers: 368
First Seen: December 16, 2017
Last Seen: July 21, 2023
OS(es) Affected: Windows

The CerBerSysLock Ransomware is an encryption ransomware Trojan that was observed on December 7, 2017. It is connected to the Xorist Ransomware, an encryption ransomware Trojan that uses XOR encryption to make the victim's files inaccessible, rather than the more popular combination of AES and RSA encryption. The CerBerSysLock Ransomware also uses XOR encryption to make the victims' files unusable. Like most encryption ransomware Trojans, the CerBerSysLock Ransomware spreads through corrupted email attachments delivered in spam email messages that rely on social engineering tactics.

Can Your System be Locked by the CerBerSysLock Ransomware?

The CerBerSysLock Ransomware connects to its Command and Control servers to keep the decryption key used to restore the victim's files away from the victim. Once the CerBerSysLock Ransomware encrypts the files, they cannot be restored without the decryption key. The CerBerSysLock Ransomware makes it easy for the victim to know which files have been encrypted by appending the file extension '.CerBerSysLocked0009881' to the end of each file's name. The number that follows the string '.CerBerSysLocked' seems to be a unique ID number for each victim. The CerBerSysLock Ransomware targets a wide variety of user-generated files in its attack. These files may include databases, archives, audio, video, texts, images, and numerous other file types. The file extensions below are examples of the many file types that may be compromised by attacks like the CerBerSysLock Ransomware's:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip

The CerBerSysLock Ransomware’s Ransom Note

The CerBerSysLock Ransomware delivers a text file named 'HOW TO DECRYPT FILES.txt' to the victim's computer following the encryption of the targeted files. This file delivers a ransom message that threatens the victim with the permanent loss of the affected files unless a ransom is paid. The text of the CerBerSysLock Ransomware's ransom note reads:

'Problem with your Files ?
Don't worry! Your files are SAFE!
Files are Backed up by our Service!
You need to buy Cerber Decryptor v5.0 updated 2017-November
Hi, I'am CERBER RANSOMWARE ?
YOUR DOCUMENTS, PHOTOS, DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED!
The only way to decrypt your files is to receive the private key and decryption program.
Contact Email : TerraBytefiles@scryptmail.com
Subject PRIVATE-ID: CerBerSysLocked0009881
!!! ANY ATTEMPTS TO RESTORE YOUR FILES WITH THE THIRD-PARTY SOFTWARE WILL BE FATAL FOR YOUR FILES. !!!
!!! IF YOU ATTEMPT TO RECOVER YOUR DATA WITH OTHER SOFTWARE THE RANSOMWARE WILL SE THIS ACTION.!!!
!!! AND WILL GENERATE ANOTHER CODE ON THE FILES THAT WILL BE IMPOSSIBLE TO RECOVER THEM BACK.!!!
!!!!!PLEASE NE REZONABLE!!!!!
!!! AND FOLLOW THE INSTRUCTION BY CONTACTING THE EMAIL ADDRESS ABOVE. !!!'

Paying the ransom is not recommended, and neither is contacting the people responsible for the attack at the email address associated with the CerBerSysLock Ransomware. Instead of paying the CerBerSysLock Ransomware ransom, computer users should ensure that they have backup copies of their files. This way, they can restore their files from a backup copy after an attack rather than having to deal with these people and their unreasonable ransom demands.

Registry Details

CerBerSysLock Ransomware may create the following registry entry or registry entries:
Regexp file mask:
%ALLUSERSPROFILE%\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt
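
The indicators described above (the '.CerBerSysLocked' marker extension with its per-victim number, the 'HOW TO DECRYPT FILES.txt' note, and the Startup-folder copies of that note) can be checked for during triage. The script below is an added example, not code from this page or from any vendor tool; the function names, the sample paths and the assumption that the ID consists of digits only are illustrative.

```python
import os
import re
from pathlib import PureWindowsPath

# Marker extension from the article; treating the trailing ID as digits only
# is an assumption based on the single sample '.CerBerSysLocked0009881'.
LOCKED_RE = re.compile(r"\.CerBerSysLocked(\d+)$", re.IGNORECASE)
NOTE_NAME = "how to decrypt files.txt"
STARTUP_TAIL = ("start menu", "programs", "startup")

# Constructed sample listing, not taken from a real incident.
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.CerBerSysLocked0009881",
    r"C:\Users\alice\Pictures\cat.jpg.CerBerSysLocked0009881",
    r"C:\Users\alice\Documents\HOW TO DECRYPT FILES.txt",
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt",
    r"C:\Users\alice\Documents\notes.txt",
]


def triage(paths):
    """Group marked files by victim ID and collect ransom notes."""
    report = {"encrypted": {}, "notes": [], "startup_notes": []}
    for raw in paths:
        p = PureWindowsPath(raw)
        m = LOCKED_RE.search(p.name)
        if m:
            report["encrypted"].setdefault(m.group(1), []).append(raw)
        elif p.name.lower() == NOTE_NAME:
            report["notes"].append(raw)
            # Files placed in a Startup folder are opened at each logon.
            if tuple(s.lower() for s in p.parent.parts[-3:]) == STARTUP_TAIL:
                report["startup_notes"].append(raw)
    return report


def original_name(path):
    """File name with the marker extension stripped (the content stays encrypted)."""
    return LOCKED_RE.sub("", PureWindowsPath(path).name)


def walk(root):
    """Yield every file path under root, to feed triage() from a mounted volume."""
    for folder, _dirs, files in os.walk(root):
        for name in files:
            yield os.path.join(folder, name)


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Running triage(walk(root)) against a mounted backup or disk image before restoring shows which files carry the marker and which victim ID they belong to.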
