System has been infected from CERBER RANSOMWARE, how to recover data


  1. Posts : 93
    windows 7 ultimate 32 bit
       #1


    Hello everybody, my system has been infected by Cerber Ransomware malware, so all data on the system has been encrypted with the ".bc4a" file extension, and my desktop background image has been changed; I am attaching a screenshot of it.
    I have tried to decrypt the data with the Tesla and Ransomware decryptors but I didn't have any success. Both decryptors prompt the message "find out the type of ransomware".

    I also tried Shadow Explorer, but my system is running "Windows XP Professional SP3 edition", while the minimum requirement to install Shadow Explorer is Windows Vista and above. I also tried the SpyHunter malware removal program, but the problem still remains.

    I have to recover all my data because the system has all my 8 years of business data and I have no backup of it.

    I am also attaching a sample copy of the data which has been encrypted.
    Last edited by avinashrawat; 09 Dec 2016 at 14:55. Reason: removed file


  2. Posts : 1,797
    Win 7 Ultimate, Win 8.1 Pro, Linux Mint 19 Cinnamon (All 64-Bit)
       #2

    I fear that unless there is some sort of recovery tool specifically to decrypt all variants of Cerber encrypted files, or unless you have a backup of some kind, you may be out of luck.

    A lot of the newer variants disable the volume shadow copy service, making it impossible to restore previous versions of files.

    See if this helps:

    Check Point releases working Decryptor for the Cerber Ransomware


  3. Posts : 93
    windows 7 ultimate 32 bit
    Thread Starter
       #3

    Brds7t7 said:
    I fear that unless there is some sort of recovery tool specifically to decrypt all variants of Cerber encrypted files, or unless you have a backup of some kind, you may be out of luck.

    A lot of the newer variants disable the volume shadow copy service, making it impossible to restore previous versions of files.

    See if this helps:

    Check Point releases working Decryptor for the Cerber Ransomware

    My files have been encrypted with the .bc4a extension, while the above link shows decrypting files with the .cerber1 and .cerber2 extensions.
    So I am not able to decrypt these with the available decryptor.
      My Computer


  4. Posts : 1,797
    Win 7 Ultimate, Win 8.1 Pro, Linux Mint 19 Cinnamon (All 64-Bit)
       #4

    It must be a new variant that uses a new file extension. Ransomware is changing and getting tougher to crack all the time. The best solution is to prevent it in the first place, but that's not going to help you now.

    I don't think there will be any solutions to your issue, unless they come out with a new Decryptor tool that can handle the new extensions. I don't know what else to suggest. Don't you have any backups at all?


  5. Posts : 7,107
    W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
       #5

    Hi Avan

    If you are affected by ransomware and do not plan on paying the ransom, the best bet is to immediately image the drive before doing anything else. Then in the future if there is a way to decrypt the files you have everything you may need to do so.

    Please subscribe to this thread at bleepingcomputers, then if a decryption method is found you will be advised.
    (note the thread is currently over 100 pages)
    Cerber Ransomware Support and Help Topic - # DECRYPT MY FILES #.html/.txt/.vbs - Ransomware Help & Tech Support

    Roy
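
As an added example (not part of any post in this thread): once a drive image exists, a read-only inventory of the encrypted files and ransom notes, with SHA-256 hashes, lets you confirm later that the preserved copy is unchanged. It assumes the image is mounted read-only on a separate machine; the extension and note name are taken from this thread, and the sample file names are constructed.

```python
import hashlib
import os
import tempfile

ENC_EXT = ".bc4a"                   # extension reported in this thread
NOTE_STEM = "# decrypt my files #"  # note name from the linked topic title
NOTE_EXTS = {".html", ".txt", ".vbs"}

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large documents do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def classify(name):
    """Label a file name as 'encrypted', 'ransom_note' or 'other'."""
    stem, ext = os.path.splitext(name.lower())
    if ext == ENC_EXT:
        return "encrypted"
    if stem == NOTE_STEM and ext in NOTE_EXTS:
        return "ransom_note"
    return "other"

def inventory(root):
    """Read-only walk of root; returns (counts, manifest rows)."""
    counts = {"encrypted": 0, "ransom_note": 0, "other": 0}
    manifest = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            kind = classify(name)
            counts[kind] += 1
            if kind != "other":  # record encrypted files and ransom notes
                full = os.path.join(dirpath, name)
                manifest.append((kind, sha256_file(full), os.path.relpath(full, root)))
    return counts, manifest

def demo():
    """Run the inventory over a constructed tree standing in for the mounted image."""
    names = ["accounts.bc4a", "invoice_2016.bc4a", "# DECRYPT MY FILES #.txt", "setup.exe"]
    with tempfile.TemporaryDirectory() as root:
        for name in names:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"constructed sample: " + name.encode())
        return inventory(root)

if __name__ == "__main__":
    counts, manifest = demo()
    print(counts)
    for row in manifest:
        print(*row, sep="  ")
```

Store the manifest alongside the image, on media that is disconnected from the infected machine.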


  6. Posts : 93
    windows 7 ultimate 32 bit
    Thread Starter
       #6

    torchwood said:
    Hi Avan

    If you are affected by ransomware and do not plan on paying the ransom, the best bet is to immediately image the drive before doing anything else. Then in the future if there is a way to decrypt the files you have everything you may need to do so.

    Please subscribe to this thread at bleepingcomputers, then if a decryption method is found you will be advised.
    (note the thread is currently over 100 pages)
    Cerber Ransomware Support and Help Topic - # DECRYPT MY FILES #.html/.txt/.vbs - Ransomware Help & Tech Support

    Roy

    Thanks for your suggestion. I am not interested in buying their subscription; I can wait for some time. But how can I create an image of the drive, and after creating the image of the drive, can I upload it to Google Drive?


  7. Posts : 13,576
    Windows 10 Pro x64
       #7

    What did you download to cause this, so we all know ??


  8. Posts : 93
    windows 7 ultimate 32 bit
    Thread Starter
       #8

    AddRAM said:
    What did you download to cause this, so we all know ??

    I usually use this system for business accounting purposes. I browse the internet only for checking Gmail and downloading mail attachments.
    I last downloaded a PDF file from a Gmail attachment, and after this my system was infected by this type of ransomware.

    I am not sure that the virus was attached to this PDF. But after downloading it, the system and its data have been encrypted.

    This malware encrypted all my PDF, doc, xls, .mdb, db files. It did not encrypt the .exe files. The .exe files are still working smoothly.
    Last edited by avinashrawat; 09 Dec 2016 at 14:54.


  9. Posts : 1,102
    OEM Windows 7 Ult (x64) SP1
       #9

    Hi:

    I realize that this does not help your current predicament, but having 8 years worth of critical work data WITHOUT robust and redundant backups is a dangerous strategy.

    I agree with the others that creating and preserving a system image for POSSIBLE future decryption is probably the best bet at this point.
    Without backups, however, your data files are probably lost, unless/until a decryption method becomes available.

    Since you are a business, I suggest bringing in a paid security professional with expertise in ransomware to help disinfect and harden your network against future threats and to help design a robust data backup plan.

    MM


  10. Posts : 1,797
    Win 7 Ultimate, Win 8.1 Pro, Linux Mint 19 Cinnamon (All 64-Bit)
       #10

    avinashrawat said:
    torchwood said:
    Hi Avan

    If you are affected by ransomware and do not plan on paying the ransom, the best bet is to immediately image the drive before doing anything else. Then in the future if there is a way to decrypt the files you have everything you may need to do so.

    Please subscribe to this thread at bleepingcomputers, then if a decryption method is found you will be advised.
    (note the thread is currently over 100 pages)
    Cerber Ransomware Support and Help Topic - # DECRYPT MY FILES #.html/.txt/.vbs - Ransomware Help & Tech Support

    Roy
    Thanks for your suggestion. I am not interested in buying their subscription; I can wait for some time. But how can I create an image of the drive, and after creating the image of the drive, can I upload it to Google Drive?

    You'll need to invest in some sort of backup drive as keeping the backups on the same drive is a bad idea. The backups could also be encrypted by the Ransomware. An external drive that's disconnected when not doing backups would be ideal.

    I've been searching around trying to find some sort of Decryptor for the .bc4a extension and new encryption keys and so far, haven't found anything. I can only find Decryptors for the older variants that use the .CERBER extension. I will keep an eye out and see if anything hopefully turns up.

    Also, keep checking back on the bleepingcomputer forum as Roy suggested.

    If you do get your files decrypted, be sure to use a reputable Antivirus and also CryptoPrevent is a good piece of software to use:

    https://www.foolishit.com/cryptoprev...re-prevention/


 