Ransomware Cerber

The Cerber ransomware has re-emerged, this name was used years ago but the group does not appear to be the same, which shows that the malware has been sold to a new group.

The new Cerber has one difference from its predecessor, the ability to attack both Windows and Linux operating systems. This capability expands the number of the group’s possible targets.

Not only does its attacks not restrict any specific country, like some ransomware that avoids former Soviet Union countries, the group’s main targets are the United States, Germany and China.

The group aims to attack Atlassian Confluence and GitLab servers using remote code execution vulnerabilities. Through these vulnerabilities the malware is able to break into the victim’s system and encrypt files, adding the .locked extension to all encrypted files.

The amount of ransom demanded by the group ranges from $1,000 to $3,000, this amount can change according to the size of the victim and the amount of files encrypted.

The best way to guard against Cerber attacks is to always keep the Atlassian Confluence and GitLab server systems up to date, because when there is a known flaw in some programs the development company quickly releases an update to fix the flaw.

But if your servers have already been encrypted by Cerber, we at Digital Recovery can recover all files encrypted by the ransomware without the need for a decryption key.

Recover Files Encrypted by Cerber Ransomware

With over 20 years of experience we specialise in the recovery of data encrypted by ransomware of any length and on any storage device, whether HDDs, SSDs, Databases, Servers, Virtual Machines, Storages, RAID systems and more.

Our biggest differentiator is our ability to develop unique technologies for data recovery, this puts us among the few companies in the world that can recover files encrypted by ransomware.

All our processes are exclusive and all of them were developed based on the GDPR (General Data Protection Regulation). And, we make available to all our clients the confidentiality agreement (NDA) the whole process is highly confidential.

We have emergency recovery services for cases where speed is vital to the company.

Contact us and start the recovery process right now.

We are
always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Descriptografar ransomware em servidores

Decrypt Server

Ransomware attacks on servers have become a growing threat, jeopardising the security of critical data and business operations. This article explores the nuances of file


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.