Ransomware Cerber

The Cerber ransomware has re-emerged, this name was used years ago, but the group does not appear to be the same, which shows that the malware has been sold to a new group.

The new Cerber has one difference from its predecessor, the ability to attack both Windows and Linux operating systems. This capability expands the number of the group’s possible targets.

Not only does its attacks not restrict any specific country, like some ransomware that avoids former Soviet Union countries, the group’s main targets are the United States, Germany, and China.

The group aims to attack Atlassian Confluence and GitLab servers using remote code execution vulnerabilities. Through these vulnerabilities the malware is able to break into the victim’s system and encrypt files, adding the .locked extension to all encrypted files.

The amount of ransom demanded by the group ranges from $1,000 to $3,000, this amount can change according to the size of the victim and the amount of files encrypted.

The best way to protect against Cerber attacks is to keep the Atlassian Confluence and GitLab server systems always up to date, because when there is a known flaw in some programs the development company quickly releases an update to fix the flaw.

But if your servers have already been encrypted by Cerber, we at Digital Recovery can recover all files encrypted by ransomware without the need for a decryption key.

Recover Files Encrypted by Cerber Ransomware

With over 20 years of experience we specialize in recovering ransomware-encrypted data of any kind on any storage device, such as HDD, SSD, Databases, Servers, Virtual Machines, Storages, RAID systems, and more.

Our biggest advantage is our ability to develop unique technologies for data recovery, which puts us among the few companies in the world that can recover files encrypted by ransomware.

All our processes are exclusive and all of them were developed to ensure maximum protection and privacy of customer data. We can also make available to all our customers a non-disclosure agreement (NDA) so the whole process is highly confidential.

We have an emergency recovery mode for cases where speed is vital to the company.

Contact us and start the recovery process right now.

We are always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

AtomSilo Ransomware

Ransomware AtomSilo

The AtomSilo ransomware emerged in September 2021, the group acts a little differently than other ransomware groups, the ransom amount is fixed, $1 million is

Khonsari Ransomware

Khonsari Ransomware

The Khonsari ransomware was the first group to exploit known Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), the group has focused its attacks on Windows servers that


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.