The Cerber ransomware has re-emerged, this name was used years ago, but the group does not appear to be the same, which shows that the malware has been sold to a new group.
The new Cerber has one difference from its predecessor, the ability to attack both Windows and Linux operating systems. This capability expands the number of the group’s possible targets.
Not only does its attacks not restrict any specific country, like some ransomware that avoids former Soviet Union countries, the group’s main targets are the United States, Germany, and China.
The group aims to attack Atlassian Confluence and GitLab servers using remote code execution vulnerabilities. Through these vulnerabilities the malware is able to break into the victim’s system and encrypt files, adding the .locked extension to all encrypted files.
The amount of ransom demanded by the group ranges from $1,000 to $3,000, this amount can change according to the size of the victim and the amount of files encrypted.
The best way to protect against Cerber attacks is to keep the Atlassian Confluence and GitLab server systems always up to date, because when there is a known flaw in some programs the development company quickly releases an update to fix the flaw.
But if your servers have already been encrypted by Cerber, we at Digital Recovery can recover all files encrypted by ransomware without the need for a decryption key.
Recover Files Encrypted by Cerber Ransomware
With over 20 years of experience we specialize in recovering ransomware-encrypted data of any kind on any storage device, such as HDD, SSD, Databases, Servers, Virtual Machines, Storages, RAID systems, and more.
Our biggest advantage is our ability to develop unique technologies for data recovery, which puts us among the few companies in the world that can recover files encrypted by ransomware.
All our processes are exclusive and all of them were developed to ensure maximum protection and privacy of customer data. We can also make available to all our customers a non-disclosure agreement (NDA) so the whole process is highly confidential.
We have an emergency recovery mode for cases where speed is vital to the company.
Contact us and start the recovery process right now.