Cerber Decryptor: Working Cerber Ransomware Removal Tool

Cerber Ransomware

Today, I am going to explain you all about Cerber ransomware 3 & 4 version. Every one of us know what a virus or a malware is, don’t we? Antivirus companies are working hard to roll out updates as even a minute security issue arises. But the new villain in the cyber security field is ransomware.

Note: Cerber 3, Cerber 4, Cerber 5 and Cerber 6 version has been released. The previous patch is no more working. We shall update you when we get any new decryptor tool. As of now, there is no decryptor or ransomware removal tool available specifically for cerber ransomware.

Update1: Please follow our updated list of all ransomware decrypt tools released so far.

Most of you are hearing this name for the first time, I know. But you should understand what it is and aware of the healing methods as well because ransomware is a serious issue. And right after the WannaCry Ransomware cyber attack all over the world, it’s pretty serious now. Here I am going to explain about a special type of Cerber ransomware. But there is no point in doing so, given you have no idea what a ransomware is. So, let me tell what it is.

A ransomware is not exactly a malware. It doesn’t damage your computer or make it act weirdly out of the blue. Instead, a ransomware locks special types of files in your computer. And when you try to access them, it will open a wizard that demands money or ransom.

Mostly, they accept money in the form of bitcoins as it allows maximum anonymity in the transaction. The ransomware gives you a specific time limit, beyond which no one can access the files if you don’t give the money. Once you send them payment and enter the correct reference number, your computer will act normally.

Cerber 4.1.6 is a new Ransomware in the cyber world but the latest one is Potato Ransomware & ODIN Ransomware which is latest version of Locky. It has infected hundreds if not thousands of systems all around the world. The algorithm of cerber 4.1.6 is bit different from what we saw in other ransomware. So is your computer or laptop infected with Cerber Ransomware? If yes, then you must know how to remove and decrypt the encrypted files with .cerber 4.1.6 extension. Before you see the Cerber4 decrypt working method, let me explain all about Cerber4! Here you go!

Cerber4 Ransomware

With that being said, let’s move on to the details of Cerber ransomware.

What is Cerber Ransomware?

At first, you must know what Cerber Ransomware is.

Cerber 4.1.6 is a later version of the hazardous ransomware Cerber. The prime action it does is encrypting your important files and documents. (Along with the introduction, you will read the working of Cereber ransomware here as well). There are multiple ways, through which Cerber 4.1.6 can sneak into your system. I will talk about it later.

Once Cerber ransomware gets into the computer, it will create an executable file in your app data folder insider user directory. Then, the executable file will be run to scan the entire drives for the files specified in its algorithm. When the ransomware finds specific types of files, it will start encrypting the same. And, it converts them to files with .cerber4 extension.

You can’t normally open the files encrypted by the ransomware. Say you have a file named ‘work detail.pdf’, Cerber ransomware will transform it to ‘1thY47NB6g.cerber4’. Every time, it generates an alphanumerical file name with ten characters and cerber4 extension. Then, you will see a change in the desktop wallpaper and a ransom demanding message on it (sample is given below).

“Your documents, photos, databases and other important files have been encrypted!

If you understand all importance of the situation then we propose to you to go directly to your personal page where you will receive the complete instructions and guarantees to restore your files.

There is a lost of temporary addresses to go on your personal page below.”

At the end of the message, you will get a few website addresses that will lead you to pages with payment information. Along with this wallpaper change, you will also see three special files on the desktop; # HELP DECRYPT #.html, # HELP DECRYPT #.txt, # HELP DECRYPT #.url. Some old versions of Cerber4 ransomware create files such as @[email protected], @[email protected] and @[email protected].

The first two files (txt and HTML) contain the same ransom demanding message whereas the second one brings you to the payment page. The similar procedure takes place when ransom amount is asked to Decrypt CryptoLocker During the encryption process, it generates a private key for decryption and keeps the same in a remote server owned by the developer of the ransomware. As there are no tools available for automatic decryption, one must need the exact key to get the file access back.

On the payment page, it will demand 0.7154 bitcoin (equals about $410). In case you fail to send the amount within the proposed time limit (mostly five days), the amount will be doubled to 1.4308. But in previous Cerber ransomware versions, the ransoms were higher than this amount. The ransomware developers prefer Tor and Bitcoin currency due to the scope of anonymity it offers.

I recommend you shouldn’t act as per the instructions of the ransomware. The researches proved that the developers often ignore the victims. Suppose, your computer is infected by Cerber ransomware and, you paid the demanded ransom provided the files are of the highest significance. But chances are you will never get the files back to the original state.

Hence, the disinfection methods and restoring are preferred than being a puppet of ransomware developers.

Netflix Users, Watch OUT! What is Netflix Ransomware?

How does Cerber Virus Get into My System?

As I said earlier, there are multiple ways for it. Nevertheless, the most used method is to email.

Mostly, the ransomware developers craft a seem-to-be legitimate email. The widely used strategy is to duplicate the emails sent by a shipping or courier company like FedEx and DHL. It will make you believe that they tried to send you a package and failed. In order to make the shipping deliverable, they say, you have to make sure your details are correct from the following document.

About 90% of people open the attachment even without checking the sender’s email address. There is a conventional thought that only executable files cause security threats. But no! Such document contains inbuilt macros to be run in the background. Once you open the document, you will think that it was a harmless prank mail. Within that time, the ransomware creates a copy of its own in the user directory.

Another method is via freeware and cracks. If you are a person who has a habit of installing cracks of paid software, you need to be careful from this moment. A ransomware can easily be integrated into an executable file. So, brace yourself to face a security threat!

Types of Files Affected by Cerber Ransomware

Cerber ransomware targets many common and uncommon file types. I have collected an extensive list of such file extensions, which you can read below.

“.sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt”

When you open directories with these types of files, what you see are files with bizarre names and .cerber4 extension.

Cerber Removal Tool

I am not giving you a guarantee that the tools I shared here can remove Cerber ransomware. But you have a greater chance in doing so by downloading SpyHunter 4.

Cerber 4.1.6 Decryptor

Malwarebyte’s Anti-malware for Cerber Removal

Step 1: First, you have to download Malwarebyte’s Anti-malware. What you get is an executable installer file. Just open the same and follow on-screen instructions to install the software. (I recommend doing this after logging into Safemode with networking).

Step 2: Once you finish installing the tool, you should open the interface in case it doesn’t get opened automatically.

Step 3: You will see a Scan Now button on the first screen of the software itself. As Anti-malware gets regular updates, the interface may differ in your case. But the core function remains the same.

Step 4: You have to wait some time to get the scanning finished. The scanning time solely depends on the number of files you have. The greater the number of files, the more the scanning time will be.

When it finishes the scan, you will see the result.

Step 5: There, you will get the option to select the detected malware. Just check all the detected ones and hit Remove selected.

Step 6: In order to release your computer completely from the clutches of malware, you should reboot the system. Apparently, Anti-malware will ask you whether to restart the computer or not. You must choose Yes.

Hitman Pro

Another effective Cerber ransomware removal tool that I found out is Hitman Pro.

Step 1: Yeah, you have to download Hitman Pro first. Don’t forget to run the downloaded installer to finish installing the software on your computer.

Step 2: There is not even a single complicated step in installing Hitman Pro. Once the installation finishes, it will start scanning your computer for malware.

You must wait some time to get it completed.

Step 3: When the scanning process is completed, you must choose Next on the interface that shows the result.

Step 4: On the next screen, you will be asked to enter the license key. But you can avail a free license valid for 30 days and it is enough to remove the detected malware including the ransomware.

Finally, you need to change the wallpaper and, delete the html, txt and url files on the desktop as well.

How to Decrypt Cerber Ransomware Infected Files Using Decryptor?

There are some ways to decrypt encrypted files. Let’s try some.

In-Built Restoration Method

Open the file explorer and browse to the directory with encrypted files. Right-click on it and choose to Restore previous versions. If you are lucky, you can avail an unencrypted version of the same.

In case it doesn’t work, you must restore the entire system to its previous state.

Step 1: Turn your computer on and repeatedly press F8 (F10 on some systems) during the booting up time.

Step 2: You will get a black screens with a few options on it. Just select Safe Mode with Command Prompt from it.

Step 3: You see the CMD window then. Enter cd restore into it. Then, you have to type rstrui.exe.

Step 4: Once you type it and press Enter, you will get the System Restore wizard. Hit Next.

Step 5: Choose one from the available restore points and, press Next.

Step 6: You should choose Yes to get it doing. So, do it.

There you go! When the process is finished, download an antimalware tool and eliminate all the security threats.

Shadow Explorer

Step 1: Download and install Shadow Explorer.

Step 2: Open the software and choose a drive. Then, you have to select a date of restoration.

Step 3: The main pane on the right side shows the files tree. You have to choose a file and right click on it. Finally, hit Export and browse to the destination directory. There you go!

Final Words on Remove Cerber Ransomware

I hope you got an extensive idea of Cerber ransomware now.

As I said earlier, it is difficult to bring your system to its initial state once it is infected. You had better check every attachment carefully before opening it. And, get rid of the crack using habit right now.

In case you want to know something additional about Cerber ransomware, don’t forget to drop a comment here and stay tuned to Ransomwares section on our blog for more updates! I appreciate if you hit one of the share buttons.

Default image
Harshil Patel
Harshil is a tech enthusiast with the zeal of changing the way people look at technology. He is often found testing out new gadgets when he's free!
Articles: 327


  1. I am facing some issues after the Cerber 4.1.5 attack on my laptop. Can you please help me out with the same by emailing me?

    • Yeah, sure! Why not! Please let me know your problems in detail and I will help my best to remove the Cerber 4.1.5 ransomware from your laptop!

    • Hi, we are already updating the content as per the latest Cerber Ransomware releases online! Stay tuned for more updates right here!

    • The latest working tool for Cerber 4.1.6 has already been updated in the above content. Please go through it again 🙂

  2. Hi,
    Lots of my personal files got infected with cerber3 and I am not able to get them back 🙁
    Can you please help me out, I don’t have any restore point on my PC so can’t restore.
    Looking for some decryptor for cerber3 …
    Please let me know if you can help me out


  3. I have been infected with CERBER something…. no idea what version.
    The JPG in my encrypted folders shows that it is CERBER.

    My files are not .cerber2 or .cerber3 or .cerber4

    mine is random filename.random extension.

    Please explain why this is, all the guides i find tell me it is .cerber
    i dont see this making sense

  4. Hi ,

    My files are .cerber3 , can you please tell me the best tool to decrypt the data from encrypted excel files.

  5. Thanks a lot for guiding me. I finally removed Cerber3 files from my computer after following the above procedure.

    • Less likely to happen to be honest. There is no bullet proof solution available for Cerberxxx ransomware

      • my pc is affected by “cerber ransomware”,
        is it possible to remove and decrypt my file???
        please give me your kind solution.It show me such as”It is normal because the files’ names and the data in your files have been encrypted by “Cerber Ransomware”.”.

        • As of now, there’s no solution to remove Cerber Ransomware. We will update this post as soon as we get the Cerber Ransomware decryptor.

  6. hello please help me my all files are encrypted there is very important data on my laptop , how will i know there which cerber ransomware version infected my laptop in all my drives and folder there is a html file name help_help_help , please help me with the concrete solution , is there any way ???

  7. Please help me , my computer is infected by cerber . Vall my files have the extension .84d6 .
    What is the version of this cerber . And how can i decrypt or restore my data. No restoration point had been found in windows 7.

  8. Hi Harsh.
    I have some files attacked with cerber3 virus. all files are encrypted as .cerber3 files. how can its decrypt.? any tools you have..?

  9. hi
    virus attack to my laptop and convert .jpeg and movies and sql files to .8916 file extention.
    how can you help me for recovering my files.

  10. Hi,
    Please be informed that some of folders on my laptop was affected by this ransomware. The extension of the files become “.82ce” (sample: “bSazKOV-uA.82ce”).
    May I know if there is available decryption tool for this?
    Best Regards,

  11. some of folders on my laptop was affected by this ransomware. The extension of the files become “.adb8” (sample: “0-A3LY3VrD.adb8”).

    May I know if there is available decryption tool for this?

    Best Regards,

    • hello.
      i read someware that the free decryption tool is provided for cerber and cerber2 extension.
      you can search and i wish to find it!

  12. Are you guys working on a decryption tool for the new Cerber version? My files are now {randomgibberish}.afec and it creats HELP_HELP_HELP files (both a jpg and an executable, i removed all viruses so i don’t remember what extension was it exactly). I removed the virus and my pc is clean but I really need those files before this semester ends, i had a lot of work documents there…
    I appreciate your work, please reply

  13. It’s been more than a 6months now since my laptop was infected and encrypted by Cerber3 Ransomware. Worst part was most of my personal files were encrypted, can you please help me to decrypt my files. Please let me know once any Decryption Tool available.

  14. Hi Guys, my PC got infected by cerber ransomware and all file got encrypted with the extension .a8ec (example: bx98iGE7hp.a8ec) can someone help me with the version number and if there is any decryption tool available? Thank you

  15. I don’t have a backup only have the cerber3 files which are my original file, some of those like movies and mp3, i can get those back by simply renaming the type to. Avi or. Mp3 . But my photos arent working with it. Please please please help. Thank you

  16. Thanks for the nicely crafted explanation, removal and recovery of files.
    I am struck at recovery of files. I was blown away by Cerber3 on HP Laptop with Windows Vista operating system. I am struck at Shadow Explorer, it does support the operating system i have it on. Need your advice how can i have my memorable photographs and videos back.

    • Shadow explorer is not likely to work. It is advised that you start taking cloud backup of your photos and videos from now onwards.

  17. hi , i have been hit by cerbersome ransomware and i don’t know which cerber version ransomeware is this and HOW to decrypt file on my network drive..thanks in advance

    • Please provide the extension so we can identify which Cerber version is on your PC. Anyway, there is no rock solid solution available for cerber ransomware

  18. Hi,
    My PC deadly suffering from Cerber Ransomware and all file are showing encrypted, Will this software help, Harsh.

  19. Hi,
    Really a wonderful article!
    My PC has been infected with CERBER and all files (docs, images etc.) have been encrypted and renamed with .9a4b extension. My all important files have encrypted. I tried Trend Micro but for no avail.
    Please suggest me what I can do.

  20. My PC has been infected with CERBER and all files (docs, images etc.) have been encrypted and renamed with .8c9f extension. All files have been encrypted. I tried Trend Micro and it doesnt work. What can I do, any suggestions.


    • Antivirus do not work on ransomware. Unfortunately, there is no erber 5 decryption tool available so far. You can always check our website for new decryption tool availability.

  21. hey hey is it out yet? my laptop is infected with cerber!
    is there ANY way possible to decrypt them?!
    please help

  22. Hi Harsh,

    My problem is also same like others, but my file name has not been extended with cerber3/3 $$%% etc.

    Is there any way to get back my data file and photos.
    How long I have to wait for the removal tool out.
    If i will install new window will this virus come again or not?

    Regards// JM

    • Hello,
      I recommend you not reinstall windows until a perfect and solution tool becomes available for your files.
      after your files restored to its original state, then reinstall windows.
      because the encryption and decryption key for one operating system is unique and if you reinstall your windows, you may lose your files forever!

  23. My PC has been infected with CERBER and all files (docs, images etc.) have been encrypted and renamed with .a1d7 extension. All files have been encrypted.can anyone suggest any decrypter tools.

  24. I had some files encrypted on 12/6/2016 and each has an extension of .a21e. I’m hoping someone can come up with a decryption tool for the remaining files that I could not restore from backup. Please notify me when such a tool is available.

  25. Hi Harsh Bhai
    Please help me out . My External Hard Disk connected to MY PC via USB got this CERBER RANSOMEWARE all my folder got the jpeg file “_READ_THI$_FILE_ZIK1Y_ ” RED WORDING’S followed by ” Your doucmnets ,Photos Databse…. have been ecrypted”

    All my Weeding pictures, My son PCIs doucmnet got encrypted with extension “NdOQ1yoV3I.9561” , 8G7ncFUquu.9561 all ends with .9561.

    What version of cyber is this ? . After infected I run scan using HITMAN, Malwarbytes and Trend ransomeware and deleted the infected files.

    Does the virus removed? Now how to get back my files . Please help me out I don’t have any back up .
    What is this version . Can you please advise how to remove it


  26. Hi Harsh

    My external hard disk got affected by cerber ramsomware . where all my folder and files got the extension with “8G7ncFUquu.9561″ ends with coded .9561. Do you have any idea what cerber is this and all folders have jpeg in ” red colour”
    Any tool relaed to decrpty my files
    Please advise.

  27. do you have an update now for cerber? the file extension is .aff6 i think its 4.0/5.0 version.. i cant find any decryptor

  28. Hi harsh

    My Laptop has been infected with ransomware and all files (docs, images etc.) have been encrypted and renamed with extension ex : 8ZXrhfmDsP.8dca.

    Any tools i can use to decrypt the file. Hope u can help


  29. Hi Harsh, I need help too! Most of my files on my laptop have been encrypted by Cerber Ransomware and unfortunately I realized that my backup service has expired a few months ago so I can’t access any files. The extension is .9cf4
    I really hope you can help!! Thanks so much!

  30. Hi Harsh

    My external hard disk got affected by cerber ramsomware . where all my folder and files got the extension with “8G7ncFUquu.9561″ ends with coded .9561. Do you have any idea what cerber is this and all folders have jpeg in ” red colour”
    Any tool relaed to decrpty my files
    Please advise.

  31. Hi Harsh,

    I have the .B566 extensions can you tell me which Cerber it is? maybe already a tool to remove it available?

  32. Hi Hash,
    i have .b566 extensions can you tell me which cerber it is? maybe allready a removal tool available?

  33. Good Morning,
    I got hit with Cerber Ransomware on Tuesday evening. All of my files are encrypted.
    How can I decrypt them to get them back to original state?

  34. My desktop Windows 7 have been affected by Cerber3 Ransomware and it is the first time i’ve heard of this, after removing the virus is there still a way to get all my files back?

  35. cau you cerber ransomeware help help help decryp infected in my computer of outside hardware? Do you have any tools?

  36. All folders and files were encrypted showing .8ea1 can you suggest me a tool and process to decrypt my important files

  37. Hey man
    my files are encrypted by cerber ransomeware, and the files are in extension .88aa.
    which cerber is this exactly and is there a decrypter available?

  38. Hello, my pc is infected with cerber. Extension of files is .b5d4. Do you know kind of cerber?
    – Thanks a lot in advance!

  39. My datafiles got affected by cerber ransomware (version is not known) just today and the files have extension as .a715 – can you please advise if a decrypter is available for this software.

    • Seeing this extension for the first time. No idea which Cerber Ransomware version it is. Please check our decryptor tools page where I have mentioned a tool for Cerber removal. If it’s Cerber v1, the tool will work, else, you don’t have an option.

  40. MY HARD DISK ENCRYPTED. ALL FILES CONVERTER “.a8be” format. its cerber 4. If anybody have cerber decryptor v 4.0.1 tools or any other decryptor. pleses send my mail or link.
    [email protected]

  41. Hi, my files are encrypted with .cerber there is no number, does this mean it is version 1? and is there an encryption tool for that? Thankyou

  42. Will there be fix available soon for Cerber ransomware? What should we do interim with the files in the laptop?

  43. Hey, Do you know if there’s any successful decrypter available for files encrypted by Cerber 3 yet ? Please let me know . Thank you.

  44. Hi Harsh ji,

    My Windows7 notebook pc was affected by CERBER3 around Sep/Oct 2016. All files incuding PDF/XLS/DOC/TXT/HTML/MP3/MP4/Videos/Exe are encrypted. The file extension mostly shown are .cerber3 and .9996

    I wish to know if suitable decryptor is available.

    Thanks for your nice article.

  45. Hi This Giri From India . I have Problem In Ms Office files It will Show the Error of the File .cerber3 like this.I have lots of data in our files will you please how to repair the error

  46. Hi , can you just tell me what is the decryption tool for Cerber 1 & the steps to get the files back .

    Kind regards

  47. Hi

    My files have been encripted by cerber ransomeware named below since on march 2017
    _R_E_A_D___T_H_I_S___[random]_.hta and _R_E_A_D___T_H_I_S___[random]_.txt. Can you help me how to decript?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.