Cerber2 Ransomware

Cerber2 Ransomware is a serious computer infection that targets users’ personal files. It has become clear after the research carried out by specialists working at pcthreat.com that this threat is a new variant of a well-known ransomware infection called Cerber. Therefore, it is not surprising at all that Cerber2 Ransomware shares similarities with this older variant. For example, it has been found that Cerber2 Ransomware locks all the most valuable files the second it enters the computer, for example, you will definitely no longer be able to open .txt, .exe, .dll, .xml, .zip, .png, and other files. Also, you will definitely see that all these files have a new filename extension .Cerber2 (e.g. {random name}.cerber2). Ransomware infections do not lock files just for fun. They are programmed to act like this because cyber criminals simply wish to extort money from computer users. You will be asked to transfer money in Bitcoins to get the decryption tool as well if you have encountered Cerber2 Ransomware, but you should know that our specialists do not recommend doing that even though your very important personal files have been encrypted. Of course, there are several reasons specialists do not think that transferring money to cyber criminals is a clever decision. If you wish to find out more as well, continue reading this report. Once you are done reading, feel free to use our step-by-step instructions which can be found below the last paragraph.

Cerber2 Ransomware will encrypt your personal files within seconds. Then it will create two new .txt and .html files on Desktop containing the information about what has happened to files and what to do next. Last but not least, the Desktop wallpaper will be changed. This picture will also inform users that their “documents, photos, databases and other important files have been encrypted.” Also, you will find “temporary addresses” (they can only be opened with the Tor browser) that will lead to payment pages there. If you open any of these provided links, you will also find out that you have to pay 1.25 BTC, which is approximately $760 at the time of writing. Users can buy the decryption tool for this special price for a limited time only, i.e. 5 days. If a user does not do that within the given time, the sum of the ransom increases up to 2.5 BTC ($1500). It is definitely not easy to decrypt files Cerber2 Ransomware has encrypted because it employs the AES encryption to encrypt personal files and the RSA encryption to encrypt the decryptor. Fortunately, experts have recently developed a free tool (you can download it from the web) that can unlock files locked by Cerber2 Ransomware. It should work for you if you have encountered Cerber Ransomware or Cerber3 Ransomware as well. If all your personal files are backed up, you can immediately go for the Cerber2 Ransomware removal and then recover your files from a backup. Yes, you do not need the special tool in this case.

Even though Cerber2 Ransomware is a new variant of Cerber Ransomware, it does not differ much from the older one. It has been found that they are even distributed in the same way. As it has been revealed after the thorough research, Cerber2 Ransomware is also usually spread via spam email attachments. These attachments are created in such a way so that users would think that they are completely harmless, for example, the attachment might have an icon of a .pdf document. We have to say that ransomware infections might find other ways to enter computers too, for example, another infection might drop them on your computer, so you need to be always cautious. If you surf the web every day, security specialists suggest installing a trustworthy antimalware tool as well. It should help you to protect your computer from threats seeking to enter your system by any means.

It does not mean that your personal files will be immediately unlocked if you remove Cerber2 Ransomware from your computer, but you still need to get rid of this threat if you do not want this ransomware to strike again. You can find the manual removal instructions below this article; however, if this step-by-step guide still does not help you to delete this infection, you should delete this ransomware automatically. You need to know that only very good tools are capable of deleting such a serious infection as ransomware. If you do not have such a scanner, install SpyHunter – you will definitely not get disappointed.

Remove Cerber2 Ransomware manually

1. Tap Win+R.
2. Type regedit.exe and tap Enter.
3. Move to HKCU\Control Panel\Desktop.
4. Locate the Value SCRNSAVE.EXE, right-click on it, and select Delete.
5. Locate the random name Value that belongs to the ransomware infection and remove it from these places:

• HKCU\Software\Microsoft\Command Processor\AutoRun
• HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
• HKCU\Software\Microsoft\Windows\CurrentVersion\Run
• HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

6. Close the Registry Editor.
7. Tap Win+E.
8. Go to %AppData% (copy and paste in the URL bar).
9. Delete the {random CLSID} folder with the malicious .exe file.
10. Delete files having the .lnk extension (their names will be random) from these directories:

• %ALLUSERSPROFILE%\Start Menu\Programs
• %APPDATA%\Microsoft\Windows\Start Menu\Programs
• %USERPROFILE%\Microsoft\Windows\Start Menu\Programs
• %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs
• %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs