Windows 7 Forums



Windows 7: System has been infected from CERBER RANSOMWARE, how to recover data

09 Oct 2016   #1
avinashrawat

windows 7 ultimate 32 bit
 
 

Hello everybody, my system has been infected by Cerber Ransomware malware, so all data on the system has been encrypted with a ".bc4a" file extension, and my desktop background image has been changed; I am attaching a screenshot of it.
I have tried to decrypt the data with Tesla and Ransomware decryptor but I didn't have any success. Both decryptors prompt the message "find out the type of ransomware".

I also tried Shadow Explorer, but my system is running Windows XP Professional SP3 edition, while the minimum requirement to install Shadow Explorer is Windows Vista and above. I also tried the SpyHunter malware removal program, but the problem still remains.

I have to recover all my data because the system holds all my 8 years of business data and I have no backup of it.

I am also attaching a sample copy of data which has been decrypted.




09 Oct 2016   #2
Brds7t7

Windows 7 Pro 64-Bit, Windows 7 Ultimate 64-Bit, Windows 8.1 Pro 64-Bit
 
 

I fear that unless there is some sort of recovery tool specifically to decrypt all variants of Cerber encrypted files, or unless you have a backup of some kind, you may be out of luck.

A lot of the newer variants disable the volume shadow copy service, making it impossible to restore previous versions of files.

See if this helps:

Check Point releases working Decryptor for the Cerber Ransomware
09 Oct 2016   #3
avinashrawat

windows 7 ultimate 32 bit
 
 

Quote: Originally Posted by Brds7t7
> I fear that unless there is some sort of recovery tool specifically to decrypt all variants of Cerber encrypted files, or unless you have a backup of some kind, you may be out of luck.
>
> A lot of the newer variants disable the volume shadow copy service, making it impossible to restore previous versions of files.
>
> See if this helps:
>
> Check Point releases working Decryptor for the Cerber Ransomware

My files have been encrypted with the .bc4a extension, while the above link shows decrypting files with the .cerber1 and .cerber2 extensions.
So I am not able to decrypt these with the available decryptor.

09 Oct 2016   #4
Brds7t7

Windows 7 Pro 64-Bit, Windows 7 Ultimate 64-Bit, Windows 8.1 Pro 64-Bit
 
 

It must be a new variant that uses a new file extension. Ransomware is changing and getting tougher to crack all the time. The best solution is to prevent it in the first place, but that's not going to help you now.

I don't think there will be any solutions to your issue, unless they come out with a new Decryptor tool that can handle the new extensions. I don't know what else to suggest. Don't you have any backups at all?
09 Oct 2016   #5
torchwood

W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
 
 

Hi Avan

If you are affected by ransomware and do not plan on paying the ransom, the best bet is to immediately image the drive before doing anything else. Then in the future if there is a way to decrypt the files you have everything you may need to do so.

Please subscribe to this thread at bleepingcomputer, then if a decryption method is found you will be advised.
(note the thread is currently over 100 pages)
Cerber Ransomware Support and Help Topic - # DECRYPT MY FILES #.html/.txt/.vbs - Ransomware Help & Tech Support

Roy
09 Oct 2016   #6
avinashrawat

windows 7 ultimate 32 bit
 
 

Quote: Originally Posted by torchwood
> Hi Avan
>
> If you are affected by ransomware and do not plan on paying the ransom, the best bet is to immediately image the drive before doing anything else. Then in the future if there is a way to decrypt the files you have everything you may need to do so.
>
> Please subscribe to this thread at bleepingcomputer, then if a decryption method is found you will be advised.
> (note the thread is currently over 100 pages)
> Cerber Ransomware Support and Help Topic - # DECRYPT MY FILES #.html/.txt/.vbs - Ransomware Help & Tech Support
>
> Roy

Thanks for your suggestion. I am not interested in buying their subscription; I can wait for some time. But how can I create an image of the drive, and after creating the image of the drive can I upload it to Google Drive?
10 Oct 2016   #7
AddRAM

Windows 7 Pro x64 Windows 10 Pro x64
 
 

What did you download to cause this, so we all know ??
10 Oct 2016   #8
avinashrawat

windows 7 ultimate 32 bit
 
 

Quote: Originally Posted by AddRAM
> What did you download to cause this, so we all know ??

I usually use this system for business accounting purposes, browsing the internet only for checking Gmail and downloading mail attachments.
I last downloaded a PDF file from a Gmail attachment, and after this my system was infected with this type of ransomware.

I have not confirmed that the virus was attached to this PDF. But after downloading it, this system and its data were encrypted.

This malware encrypted all my PDF, doc, xls, .mdb and db files. It did not encrypt the .exe files. The .exe files are still working smoothly.
10 Oct 2016   #9
MoxieMomma

OEM Windows 7 Ult (x64) SP1
 
 

Hi:

I realize that this does not help your current predicament, but having 8 years worth of critical work data WITHOUT robust and redundant backups is a dangerous strategy.

I agree with the others that creating and preserving a system image for POSSIBLE future decryption is probably the best bet at this point.
Without backups, however, your data files are probably lost, unless/until a decryption method becomes available.

Since you are a business, I suggest bringing in a paid security professional with expertise in ransomware to help disinfect and harden your network against future threats and to help design a robust data backup plan.

MM
10 Oct 2016   #10
Brds7t7

Windows 7 Pro 64-Bit, Windows 7 Ultimate 64-Bit, Windows 8.1 Pro 64-Bit
 
 

Quote: Originally Posted by avinashrawat
> Quote: Originally Posted by torchwood
>> Hi Avan
>>
>> If you are affected by ransomware and do not plan on paying the ransom, the best bet is to immediately image the drive before doing anything else. Then in the future if there is a way to decrypt the files you have everything you may need to do so.
>>
>> Please subscribe to this thread at bleepingcomputer, then if a decryption method is found you will be advised.
>> (note the thread is currently over 100 pages)
>> Cerber Ransomware Support and Help Topic - # DECRYPT MY FILES #.html/.txt/.vbs - Ransomware Help & Tech Support
>>
>> Roy
>
> Thanks for your suggestion. I am not interested in buying their subscription; I can wait for some time. But how can I create an image of the drive, and after creating the image of the drive can I upload it to Google Drive?

You'll need to invest in some sort of backup drive as keeping the backups on the same drive is a bad idea. The backups could also be encrypted by the Ransomware. An external drive that's disconnected when not doing backups would be ideal.

I've been searching around trying to find some sort of Decryptor for the .bc4a extension and new encryption keys and so far, haven't found anything. I can only find Decryptors for the older variants that use the .CERBER extension. I will keep an eye out and see if anything hopefully turns up.

Also, keep checking back on the bleepingcomputer forum as Roy suggested.

If you do get your files decrypted, be sure to use a reputable Antivirus and also CryptoPrevent is a good piece of software to use:

https://www.foolishit.com/cryptoprev...re-prevention/
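
Added example, not written by anyone in this thread: one way to carry out the "image the drive before doing anything else" advice, copying a source to an image file on a separate drive, recording its SHA-256, and re-reading the image to confirm the copy. The function names, chunk size and sample file are assumptions for illustration; in practice the source would be the raw disk, read from rescue media rather than from the infected Windows install.

```python
import hashlib
import os

CHUNK = 1024 * 1024  # bytes per read (assumed value)

def sha256_of(path, chunk=CHUNK):
    """Hash a file by streaming it, without loading it all into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def image_and_verify(src_path, dst_path, chunk=CHUNK):
    """Copy src_path to dst_path; return (sha256, bytes_copied, bad_offsets)."""
    digest, copied, bad = hashlib.sha256(), 0, []
    with open(src_path, "rb", buffering=0) as src, open(dst_path, "wb") as dst:
        size = src.seek(0, os.SEEK_END)       # works for files and block devices
        while copied < size:
            want = min(chunk, size - copied)
            try:
                src.seek(copied)
                data = src.read(want)
            except OSError:
                data = b""
            if not data:                      # unreadable region: zero-fill, log it
                data = b"\x00" * want
                bad.append(copied)
            dst.write(data)
            digest.update(data)
            copied += len(data)
        dst.flush()
        os.fsync(dst.fileno())                # make sure the image is on disk
    expected = digest.hexdigest()
    if sha256_of(dst_path, chunk) != expected:  # re-read what was actually written
        raise IOError("image on disk does not match the data that was read")
    with open(dst_path + ".sha256", "w") as note:
        note.write(f"{expected}  {os.path.basename(dst_path)}\n")
    os.chmod(dst_path, 0o444)                 # keep the preserved copy read-only
    return expected, copied, bad

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "sample_disk.bin")   # constructed stand-in for a drive
        with open(src, "wb") as f:
            f.write(os.urandom(3 * 4096 + 100))
        print(image_and_verify(src, os.path.join(tmp, "evidence.img"), chunk=4096))
```

The `.sha256` file written next to the image lets the copy be re-checked later, for example after it has been moved to an external drive or uploaded to cloud storage.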