Cerber Ransomware.

[CharlieKasper]

My father's laptop got infected with some ransomware named Cerber and now his desktop wallpaper is something like this.



I looked it up on the internet and apparently there's no way to decrypt those files and the only way out is restoring a backup (which I doubt my father has), or paying the ransom.

Am I royally fucked or is there a chance to fix this?

[Exterminator]

First of all, even if you do pay the ransom you'd probably just get scammed. It's way too risky for the hackers to try to make contact with your computer manually and send a decrypt order.

Luckily for you, there's a chance that they might be bluffing about encrypting (I've seen it happen once or twice). First thing you need to do is download Ubuntu, install it on a flash drive and check out your hard drive. Are all the files there?

Note: If you do make a backup, ONLY backup .pdf, .doc, .xlsx e.t.c. Do not backup files like .exe, .bat. jar e.t.c. They could have been infected.

As for the computer itself, reformat it. There is a very good chance they infected and then encrypted some other .exe files. Even if you do get rid of the virus, you might still have another virus leftover which could send sensitive data to the attacker.

Edit: In the meantime, make sure you do not keep windows booted. Encrypting takes time, it's possible that while you're looking at that screen the virus is encrypting more files.

[Janar]

Exterminator is right there.

For future information - the only way to actually keep your files safe is by having (regular) backups. Very often these cryptoviruses use rather hard encryption, quite possibly AES256 or SHA-somethingsecure. These are pretty much impossible to be cracked at this time.

[CharlieKasper]

Luckily for you, there's a chance that they might be bluffing about encrypting (I've seen it happen once or twice). First thing you need to do is download Ubuntu, install it on a flash drive and check out your hard drive. Are all the files there?

Note: If you do make a backup, ONLY backup .pdf, .doc, .xlsx e.t.c. Do not backup files like .exe, .bat. jar e.t.c. They could have been infected.

When I checked, every file was already encrypted (even doc and jpeg files). Even in the deepest folders, the files had different extensions, so I guess its done.
So yep, I will reinstall Windows.

Exterminator is right there.

For future information - the only way to actually keep your files safe is by having (regular) backups. Very often these cryptoviruses use rather hard encryption, quite possibly AES256 or SHA-somethingsecure. These are pretty much impossible to be cracked at this time.

The first thing I/my father has to figure out is the source of the ransomware. It could be from his email or external sources. I will reformat his laptop and have occasional backup set up.