Cerber3 Ransomware Virus - How to Remove?

Cerber ransomware

Cerber3 is new version of Cerber ransomware which overwhelmed the Web few days ago. We've received reports from hundreds of users from many countries of the world, and we think that there were even more victims that just don't know what to do and who can they ask for help. Anyway, if you got Cerber3 on your PC, for now there is no way to decrypt the files without paying the ransom. We have some methods to recover the files, but they aren't 100% effective, and may lead to nothing. But, if you have no other option - you can try them. Also we will tell you about the ways to secure your data and the whole system from ransomware.

What is Cerber3?

Cerber ransomware has a long history (for viruses). The first version appeared in the Web almost two years ago, and became one of the most dangerous ransomware of all time. The first version of the virus has infected thousands of computers and brought to its creators hundreds of thousands of dollars over its lifetime. However, hackers have missed one vulnerability in the code that allowed experts from the American/Japanese company Trend Micro to create a decryption program. The second version wasn't so successful but it was effective enough to infect more than ten thousands of computers and receive profit from it. The enthusiasts have hacked Cerber2 ransomware in few weeks after its release, and the viral developers created the new one - Cerber3. The main difference from the previous versions is in the amount of ransom: 0.7 - 1.4 BTC instead of 1.2 - 2.4. The decrease of cost may be the smart turn, because many users, especially in the emergent countries, just can't pay $1500 for their home videos and favorite music. The extension of encrypted files changes now to .cerber3. All other signs remain unchanged and the list of extensions that could be affected is still very long. Cerber3 uses the AES encryption algorithm, so users aren't able do decrypt files on their own, without private keys. We can say that for now, the only decent method of protection against Cerber3 is backup of all important information.

Method of virus penetration also remains unchanged. Hackers use the most simple and profitable ways: spread via e-mail, malicious sites and torrent trackers. These methods do not shine with originality, and each of them has been used for more than ten years, however, they are still the most effective. After penetration, the virus is attached to the computer, embedded in the startup folder, and the next time you start your computer, virus starts to encrypt files. Encryption takes from several minutes to several hours (depending on the amount of data on the hard drive). After the encryption the virus displays a message stating that all data is encrypted, and prompts the user to pay the ransom, and restore your files. The message is placed on the desktop, and in each folder, which contains encrypted files. If you see this message – your files are already encrypted, and you should take steps to restore them.

How to decrypt the files

As we said earlier, currently there's no decryption tool that can cope with Cerber3 encryption. For now, if you don't have backups of your data - you can't recover them. We have two recovery methods that might help you, but they are not 100% effective, and you should understand that they may not work. Anyway, here they are.

Cerber ransomware

The first method is passive. It is the use of a specially designed decryption program. Most often, these programs are well-known teams of malware-fighters, or anti-virus software vendors. We encourage you to look for decent decipher program on such sites as MalwareHunterTeam, KasperskyLab and EmsiSoft. In fact, this method consists of simple waiting. It won’t suit you, if you need the files immediately, but if you can wait a few weeks or months, as long as the hacker site, or the virus itself will be compromised - this method is ideal for you.

The second method is the usage of usual data recovery tools. There are plenty of them, and you can find the tool for almost all types of recovery: from the dead HDD, from the computer that can't turn on, from flash drives and other devices. But in this situation you should pick the tools that are used to recover the accidentally removed data from Shadow Copies. The best tools for such things are called ShadowExplorer and Recuva. They are fully legal and licensed, and can be downloaded from their official websites, with proper instructions on their use.

How to remove Cerber3

Cerber3 is easy to remove. Other types of malicious programs, like adware or hijackers, are trying to resist the removing, but ransomware uses another method. User doesn't uninstall ransomware because he fears that the ransom price will increase or the files become unable to decrypt. So, the removal process is pretty easy, and you should remove the virus as soon as you realize that you won't pay the ransom. For those who decide to pay we'll say, that the virus contains the information that is necessary to decrypt the files: your ID in hacker's database and the public key. If you will remove the virus before the decryption - you just won't get your data back.

Step 1. Boot into Safe mode

Safe mode

Start -> Msconfig.exe

Safe mode. Step 1

On the tab Boot select Safe boot

Safe mode. Step 2

Step 2. Check Startup folder

Start -> Msconfig.exe ->Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify hosts file, that located in C:\Windows\System32\drivers\etc\ .

Hosts file.Step 1

Open the file with Notepad and delete suspicious strings.

Hosts file.Step 2

It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with antiviral scanner


Special Offer

Antivirus scanner

Why we recommend SpyHunter antimalware

Detects most kind of threats: malicious files and even registry keys of malware will be found

Protects your system in the future

24/7 free support team

SpyHunter's scanner is only for malware detection. If program detects infected elements on the computer, you will need to purchase malware removal tool for $39,99 to delete threats. SpyHunter has Free Trial for one remediation and removal, subject to a 48-hour waiting period. Uninstall steps and additional information EULA , Privacy Policy and Threat Assessment Criteria.

bwd  Instructions 1/2  fwd

Step 5. Disable Safe mode

Start -> Msconfig.exe ->Disable Safe boot in the Boot tab

Deactivate Safe mode

How to protect your data

In today's world the Internet has become a very dangerous place, and each user should be aware of basic safety rules on the Internet. Even if you only use the Internet for entertainment and communication, your computer can be used by hackers to make a profit. Alertness - that's your main weapon against viruses and unwanted programs. Do not visit suspicious sites, do not download unlicensed free content, and do not make purchases on sites that do not have a good reputation. Do not share passwords from any of your accounts to anyone, including those who will say that they are from tech-support. And finally, do not open e-mail attachments that are sent by unknown senders. Compliance with these rules will not require serious efforts, and will help you to keep your computer clean and your data - safe.

This website uses cookies to improve your experience. If you continue using the site, we will assume that you accept our cookies policy.