Security firm provides decryption tool for Cerber ransomware

Security company Check Point has released a decryption tool for the Cerber ransomware. It allows victims of versions 1 and 2 of the malware to unencrypt their files for free.

Check Point says it has conducted an extensive investigation into the Cerber ransomware and was able to develop a decryption tool as a result. It is available on a special site and requires victims to upload a file encrypted by Cerber. After that, a decryption key is created, which must be stored in the same folder with the tool. The tool can then be run with administrator rights to make the affected files available again.

Cerber files are identified by the file extensions “cerber” and “cerber2,” according to Check Point. The company explains that Cerber is available as RaaS, or ransomware as a service. This would also allow users without much computer knowledge to make money with the malware. Cerber creates a unique bitcoin wallet for each infected victim, where the ransom must be sent. That way, the criminals behind Cerber are able to make a total of nearly $1 million in a year, the security firm estimates.

Cerber is widely distributed because the malware is part of major exploit kits, including Magnitude, Rig, and Neutrino. By monitoring command and control servers, Check Point was able to track the number of active Cerber campaigns. In total, the company was able to identify 161 active campaigns, with eight new campaigns being added every day. As a result, Cerber has in recent months managed to make about 150,000 victims worldwide in about 200 countries.