Cerber Ransomware Fights Back Against Check Point’s Decryption Tool

Immediately after the security firm Check Point released a free decryptor for the Cerber ransomware, its developers took the measures needed to block it. The cyber gang has also added a captcha to their payment system: in order to log in, users must prove they are not robots. This way the servers' bugs can't be automatically exploited by researchers.

This means that the Check Point free decryption service is no longer available. Visitors to CerberDecrypt.com are now greeted with the following message:

CerberDecrypt.com Message

As it turns out, we were all wrong to think that Check Point had somehow managed to obtain the Master Decryption Key and used it to decrypt files encrypted by Cerber versions 1 and 2. In fact, they succeeded in finding a vulnerability in the Cerber C&C server and exploiting it in their favor.

The captcha system was noticed when a researcher from Bleeping Computer decided to visit Cerber's payment webpage to see if there were any changes or messages from the developers. He says that the captcha is filled with hand-drawn faces and that, to log in, the user should pick the matching ones. He tested the system and found that there are actually three more steps the user must complete before being verified.

The captcha was most definitely added to block the Check Point automated service. At the moment, it is not clear whether the bug is still accessible and the captcha is protecting it, or whether they have just added it as an additional security measure.
