CerberTear belongs to a high-risk ransomware family and is recognized as a new variant of Cerber ransomware based on Hidden Tear (an open-source ransomware project). It was reportedly first discovered by Karsten Hahn. Like several other stubborn ransomware threats, it sneaks into the user's PC without seeking their approval and then causes numerous problems: it scans the entire system for files it is able to corrupt and encrypts those it finds. During the encryption operation it appends the “.cerber” extension to the files.
Unlike its antecedent (the original Cerber ransomware), CerberTear does not modify the preset desktop wallpaper. Moreover, instead of generating three files (“.txt”, “.html” and “.url”), it creates just one, “HOW_TO_RESTORE_YOUR_DATA.html”, and places it in each folder containing encrypted files. This file includes a message stating that the files have been encrypted and that, to restore them, victims need to purchase a tool named “Cerber Decryptor”. The tool costs .4 Bitcoin (currently, 1 Bitcoin is equivalent to ~$707).
CerberTear uses asymmetric cryptography for file encryption. Thus, a public (encryption) key and a private (decryption) key are generated during the encryption operation. Decryption is impossible without the private key, which is stored on remote servers controlled by CerberTear's developers. Victims are therefore encouraged to pay in order to get the private key. Although the message appears completely authentic, it is advised not to trust it or make the payment, as it is highly probable that CerberTear's developers are cyber crooks who, instead of providing the victim with the private key, will definitely ignore them.
Screenshot of the message encouraging users to contact the developers of CerberTear to decrypt their encrypted data:
How CerberTear Propagates?
CerberTear is mostly distributed through spam emails whose subject is a bank bill for the user's credit card. This has been reported to be a very easy way to grab users' attention, even when they do not own a credit card. What's more, when they open the attachments of such mails (the so-called bills), the ransomware program silently invades the PC.
Harmful Impact Brought On By CerberTear
- It intrudes secretly inside the PC without the user's knowledge.
- It modifies the PC's default settings and stops the users from opening several trustworthy programs.
- CerberTear scrambles the user's data and files, and later coerces users to purchase its key to decrypt the scrambled data.
- It deletes the system's crucial files and leads to system crashes.
- It steals the user's personal as well as confidential data and transmits it to online marketing agents for marketing purposes.
- This ransomware program installs numerous other vicious infections in the PC and makes its performance extremely poor and sluggish.
Therefore, to prevent such undesired encryption on the PC and to keep it running smoothly, urgent eradication of CerberTear is needed.
A: How To Remove CerberTear From Your PC
Step: 1 How to Reboot Windows in Safe Mode with Networking.
- Click on Restart button to restart your computer
- Press and hold down the F8 key during the restart process.
- From the boot menu, select Safe Mode with Networking using the arrow keys.
Step: 2 How to Kill CerberTear Related Process From Task Manager
- Press Ctrl+Alt+Del together on your keyboard
- This opens Task Manager on Windows.
- Go to the Process tab and find the CerberTear-related process.
- Now click on the End Process button to close that task.
Step: 3 Uninstall CerberTear From Windows Control Panel
- Visit the Start menu to open the Control Panel.
- Select Uninstall a Program option from Program category.
- Choose and remove all CerberTear-related items from the list.
B: How to Restore CerberTear Encrypted Files
Method: 1 By Using ShadowExplorer
After removing CerberTear from the PC, it is important that users restore their encrypted files. Since ransomware encrypts almost all the stored files except the shadow copies, one should attempt to restore the original files and folders using shadow copies. This is where ShadowExplorer can prove handy.
- Once downloaded, install ShadowExplorer in your PC
- Double Click to open it and now select C: drive from left panel
- In the date field, users are recommended to select a time frame of at least a month ago
- Select and browse to the folder having encrypted data
- Right Click on the encrypted data and files
- Choose Export option and select a specific destination for restoring the original files
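The following Python script is an added example, not part of the original guide: it inventories the two indicators this page names (the “.cerber” extension and the HOW_TO_RESTORE_YOUR_DATA.html note) and reports the earliest modification time of an encrypted file, which helps choose a ShadowExplorer date or restore point from before the infection. The sample tree, the `BASE` timestamp and the function names are constructed for illustration, and treating a file's modification time as its encryption time is an assumption.

```python
import os
import sys
import tempfile
from datetime import datetime, timezone

ENCRYPTED_EXT = ".cerber"                    # extension named on this page
NOTE_NAME = "HOW_TO_RESTORE_YOUR_DATA.html"  # ransom note named on this page
BASE = 1_480_000_000  # constructed epoch base; SAMPLE maps path -> mtime offset
SAMPLE = {"docs/report.docx.cerber": 100, "docs/" + NOTE_NAME: 101,
          "pics/a.jpg.cerber": 50, "pics/b.jpg.cerber": 75, "clean/notes.txt": 0}

def build_sample_tree(root):
    """Create the constructed sample files under root with fixed mtimes."""
    for rel, offset in SAMPLE.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.utime(path, (BASE + offset, BASE + offset))
    return root

def triage(root):
    """Inventory .cerber files and ransom notes below root."""
    encrypted, notes, earliest = {}, set(), None
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == NOTE_NAME.lower():
                notes.add(folder)
            elif name.lower().endswith(ENCRYPTED_EXT):
                encrypted.setdefault(folder, []).append(name)
                try:
                    mtime = os.path.getmtime(os.path.join(folder, name))
                except OSError:
                    continue  # unreadable entry: counted, but no timestamp
                earliest = mtime if earliest is None else min(earliest, mtime)
    return {
        "encrypted": encrypted,     # folder -> list of .cerber file names
        "note_folders": notes,      # folders holding the ransom note
        # A note without .cerber files (or the reverse) needs a manual look.
        "mismatched": notes.symmetric_difference(encrypted),
        "earliest_encryption": earliest,  # assumption: mtime ~ encryption time
    }

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        root = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree(demo)
        report = triage(root)
    print(sum(len(v) for v in report["encrypted"].values()), "encrypted files")
    print("check manually:", sorted(report["mismatched"]))
    if report["earliest_encryption"] is not None:
        when = datetime.fromtimestamp(report["earliest_encryption"], timezone.utc)
        print("choose a snapshot or restore point older than", when.isoformat())
```

Run it with a folder path as the only argument to scan real data; without arguments it scans the constructed sample tree.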
Method: 2 Restore Windows PC to Default Factory Settings
Following the above-mentioned steps will help in removing CerberTear from the PC. However, if the infection still persists, users are advised to restore their Windows PC to its Default Factory Settings.
System Restore in Windows XP
- Log on to Windows as Administrator.
- Click Start > All Programs > Accessories.
- Find System Tools and click System Restore
- Select Restore my computer to an earlier time and click Next.
- Choose a restore point when system was not infected and click Next.
System Restore Windows 7/Vista
- Go to Start menu and find Restore in the Search box.
- Now select the System Restore option from search results
- From the System Restore window, click the Next button.
- Now select a restore point when your PC was not infected.
- Click Next and follow the instructions.
System Restore Windows 8
- Go to the search box and type Control Panel
- Select Control Panel and open Recovery Option.
- Now Select Open System Restore option
- Find a recent restore point when your PC was not infected.
- Click Next and follow the instructions.
System Restore Windows 10
- Right click the Start menu and select Control Panel.
- Open Control Panel and find the Recovery option.
- Select Recovery > Open System Restore > Next.
- Choose a restore point from before the infection, then click Next > Finish.
Method: 3 Using Data Recovery Software
Restore your files encrypted by CerberTear with the help of Data Recovery Software
We understand how important your data is to you. In case the encrypted data cannot be restored using the above methods, users are advised to restore and recover the original data using data recovery software.