Ransom.Cerber!g25 is a latest detection in the ransomware category which encrypt files and demand ransom. This nasty threat was first came in the attention of security expert on May 21, 2017. According to infection report this malicious program belongs to the Ransom.Cerber family which disrupt several computer in 2016. This ransomware is designed to target Windows computer and it can easily invade any Windows OS. It is created by group of cyber criminals whose aim is to encrypt data of targeted computer and then extort money from the user. Like other member of Ransom.Cerber family it silently invade its targeted system and immediately start its malicious process. It scans the compromised system and encode the files stored on the local drive as well as the external media connected to the system. After the encryption it is not possible to access the file without unique key.
Ransom.Cerber!g25 : How it carry out its attack?
Similar to most of the file encrypting threat, Ransom.Cerber!g25 also start its malicious process by modifying the system settings. It also create entries in the Windows registry which help it to get automatic start every time whenever the operating system launch. The threat is designed to encode number of file types which also include those files which is frequently used by Windows user. To make the decryption more complex and lengthy the threat also erase the shadow volume copies from the Windows. After the encryption it add an unique extension to the encrypted files and they get turned into a blank icon. Here you can see the file extension which this threat can attempt to encrypt.
In the next level of its process, Ransom.Cerber!g25 drop a ransom note on the desktop of victims computer. The ransom note is known as DECRYPT MY FILES which contains the instruction of decryption. First of all the ransom note inform the user about file encryption and then want them to visit a link to know about decryption. Beside that it also want the victim to pay 1.24 BTC ($524) within seven days. If the victim exceed the time limit then the ransom amount get increased to 2.48 BTC ($1048). But user’s are not suggested to pay the ransom because you never know that you will get the decryptor even you pay the ransom. It should be better if you remove 2.48 BTC Ransom.Cerber!g25 and look for other alternative to restore your files.
How Ransom.Cerber!g25 invade my system?
However the invasion ways of Ransom.Cerber!g25 is not known but report suggest that most of the ransomware get distributed via spam email campaign. Targeted user will get a well crafted email from the ransomware developer which contains an attachment. The attachment is designed so that it looks like a genuine file send by legitimate company or invoice of online store. Remember such attachment may contain harmful execution code which activate the threat in your system. So if you want to prevent the attack of ransomware then do not open any email which look suspicious or send by some unknown person.
Removal instructions of Ransom.Cerber!g25
If you also notice the threat in your system then remove it immediately otherwise it will bring more infection in your system. To remove it manually from your system you can use the following manual removal steps.
Step 1 : Boot your system in Safe Mode with Networking
- Click on Start menu > click Shutdown button.
- Then click on Restart > click OK.
- Start pressing F8 button once system become active.
- Advanced Boot Options window appear on screen.
- Select Safe Mode with Networking and press enter.
Step 2 : Remove ransomware related files from control panel
- Close all the application > select control panel.
- Select uninstall a program option.
- You will get all the installed program.
- Find out program related to Ransomware .
- Click on Uninstall option to remove them.
Step 3 : Remove Malicious Entries From registry
- Press Windows + R button at once.
- It will open the Run Box on screen.
- Type “regedit” to start the Windows registry.
- Search for ransomware related entries.
- Click on Disable option, to remove them.
If you are having problem in removing the ransomware manually then don’t be panic. Use Free-scanner, it automatically scans the system and completely remove threat from it.