Remove Cerber 5.0 Ransomware

I wrote this article to help you remove Cerber 5.0 Ransomware. This Cerber 5.0 Ransomware removal guide works for all Windows versions.

The dreaded Cerber Ransomware family keeps on growing, and it is growing fast. The newest addition to it is Cerber version 5. Like the others, it is dangerous and it will ruin your system. You know what all ransomware pieces do, right? First, they invade your computer. Second, they encrypt all of the files you have stored. And finally, they extort you for money in exchange for a decryption tool to help you recover your lost data. Cerber 5 is no exception. Keep in mind that the Cerber family is considered one of the most harmful and hard-to-tackle pieces out there. The more time it spends on board, the more problems it causes. And the only way of setting your PC free of this nasty infection is to completely remove it once and for all. Don’t waste time. Take action immediately. Otherwise, you will keep sinking deeper and deeper into that giant mess.

This Cerber version, like almost all infections, has to dupe you into allowing it to enter your computer. As it needs your permission, it has to ask for it and, for that, it uses tricks. One of the most popular invasion tactics that Cerber 5 uses is Exploit Kits (EK). The RIG-V EK, to be exact. RIG allows the ransomware to be installed on your machine without you realizing. This happens when you visit compromised webpages, which the kit uses as its source. Another way for the EK to work is malvertising. You have to be very careful about which ads and commercials you click on.

In malvertising, malicious ads that deliver malware are injected into legitimate online advertising networks and sites. One click can be enough for the malware to infect you. Also, spam emails remain an old but gold technique and the hackers are still relying on it. Don’t open emails which look suspicious or whose sender you don’t know. Once Cerber has managed to slither into your system, it proceeds to step two: the process of locking your files. This version, in comparison with the previous one, has some changes regarding the encryption. First, Cerber’s maximum encryption size is 2,560 bytes, compared to 1,024 bytes in previous versions. This means that any file smaller than 2,560 bytes is safe from locking. Second, Cerber 5 skips 640 bytes when encrypting a file, compared to the previous 512 bytes. And last, it appends the malicious “.secret” extension at the end of all encrypted files.
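To plan a restore from the details above, it helps to know which files were actually locked. The following read-only inventory script is an added example, not part of the original article; it relies only on the “.secret” extension and the 2,560-byte threshold stated above, and the sample file names and the bucket names are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".secret"  # extension the article says Cerber 5 appends
MIN_TARGET_SIZE = 2560     # per the article, smaller files are not locked


def inventory(root):
    """Walk `root` and sort files into three buckets for restore planning."""
    report = {"encrypted": [], "below_threshold": [], "review": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                size = path.stat().st_size
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if path.suffix.lower() == ENCRYPTED_EXT:
                report["encrypted"].append(path)        # restore from backup
            elif size < MIN_TARGET_SIZE:
                report["below_threshold"].append(path)  # too small to be locked
            else:
                report["review"].append(path)           # not renamed; verify by opening
    for bucket in report.values():
        bucket.sort()
    return report


def build_sample_tree(root):
    """Constructed sample data: names and contents are made up."""
    root = Path(root)
    (root / "docs").mkdir()
    (root / "docs" / "report.docx.secret").write_bytes(b"\x00" * 4096)
    (root / "docs" / "notes.txt").write_bytes(b"a" * 100)
    (root / "photo.jpg").write_bytes(b"\xff" * 5000)
    return root


def demo():
    """Run the inventory over the constructed tree and return file names."""
    with tempfile.TemporaryDirectory() as tmp:
        report = inventory(build_sample_tree(tmp))
        return {k: [p.name for p in v] for k, v in report.items()}


if __name__ == "__main__":
    for bucket, names in demo().items():
        print(f"{bucket}: {names}")
```

Point `inventory()` at a user profile or data drive to get the list of files to pull from backups; it only reads file names and sizes and changes nothing on disk.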

Image Source: Bleeping Computer

When the ransomware finishes encrypting your data, you no longer have access to it. You cannot open any of the files, pictures, videos, music files, Word documents, etc. And then, Cerber drops its ransom note: a message from the crooks, explaining your situation and prompting you to visit your personal page in order to receive detailed instructions on how to retrieve your data. Of course, these instructions involve you paying a hefty amount of money, in exchange for which you will receive a decryption tool. Allegedly! You do realize that your chances of getting that tool are quite slim, right? Dealing with hackers is a risky business and most of the time the victim is the one to end up double-crossed.

Imagine you receive the decryptor, which is very doubtful, and it does not work at all. What do you do then? You have given these cybercriminals your money and your files are still locked. And even if you somehow receive a fully working decryptor and you even manage to recover your data, the infection itself remains on your machine. The decryptor doesn’t remove it and it can strike again anytime. Then what? Will you pay again? You have to understand that paying is not an option. You have zero guarantees and, most importantly, you are jeopardizing your privacy AND you sponsor the crooks’ business. Would you want that? Strangers having access to your personal information and your money being used for more malware creation? Don’t be gullible. We have a much better suggestion.

We have prepared a removal guide, with which you can uninstall the nasty infection from your PC and then look for ways to decrypt your data. But it is very important that you first get rid of the ransomware for good so the hackers have no access to you anymore. Once you do that, you can start looking for a decryption solution. If you have made backups of your files, like you should have, that’s it. With your PC infection-free, you can safely recover everything from your backups. If you don’t have backups, you can always turn to a specialist or look for free decryptors online. Anything is better and safer than paying the ransom sum and hoping for the best. You can find our removal instructions at the end of the article.

But before that, we will give you some recommendations so you don’t end up in the same unpleasant situation again. Like we already mentioned, avoid suspicious pages/ads/torrents/links as, chances are, they are dangerous. Don’t open any emails you get lightly. Carefully read what you agree to. Don’t skip the Terms and Conditions/EULA. Always stay vigilant. Infections prey on your carelessness. They need it, so don’t provide it. And last but not least, getting reliable anti-malware software can only help you protect yourself from other attacks in the future.

Cerber 5.0 Ransomware Removal

Method 1: Restore your encrypted files using ShadowExplorer
Usually, Cerber 5.0 Ransomware deletes all shadow copies stored on your computer. Luckily, the ransomware is not always able to delete the shadow copies. So your first try should be restoring the original files from shadow copies.

  1. Download ShadowExplorer from this link: http://www.shadowexplorer.com/downloads.html.
  2. Install ShadowExplorer
  3. Open ShadowExplorer and select the C: drive on the left panel
  4. Choose a date at least a month back from the date field
  5. Navigate to the folder with encrypted files
  6. Right-click on the encrypted file
  7. Select “Export” and choose a destination for the original file

Method 2: Restore your encrypted files by using System Restore

  1. Go to Start –> All programs –> Accessories –> System tools –> System restore
  2. Click “Next”
  3. Choose a restore point, at least a month ago
  4. Click “Next”
  5. Choose Disk C: (should be selected by default)
  6. Click “Next”. Wait for a few minutes and the restore should be done.

Method 3: Restore your files using File Recovery Software
If none of the above methods works, you should try to recover the encrypted files by using File Recovery Software. Since Cerber 5.0 Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original using File Recovery Software. Here are a few free File Recovery Software programs:

  1. Recuva
  2. Puran File Recovery
  3. Disk Drill
  4. Glary Undelete
