Cerber ransomware developers beat Check Point’s free decryption tool

Most of you may have heard about Cerber ransomware virus that has encrypted thousands of computers around the world. Cyber security company Check Point Software was willing to help the virus victims and released a free decryption tool earlier this month. Sadly, Cerber creators didn’t let the victims use it for a long time. A day after CerberDecrypt.com project was launched, hackers corrected the flaws in the ransomware’s code and added a captcha to their payment system, destroying the Check Point’s good intentions.

According to the Check Point, the decryption tool on CerberDecrypt.com helped hundreds of users to encrypt their files. This service allowed the victims to upload one encrypted file, based on which, the decryption tool automatically generated a decryption key and made it available for downloading. After the decryption, victims received a message congratulating them on having successfully restored the intended data. Unfortunately, this helpful tool is not available anymore. Now, visiting CerberDecrypt.com you will only see Check Point’s promises to find a new solution how to help victims remove Cerber virus for free.

After Check Point had announced that they are capable of decrypting version 1 and 2 of Cerber ransomware, it was thought that they were able to gain access to the Master Decryption Key. But it turns out that they had probably found a flaw in the encryption process that the hackers have already fixed. The already mentioned captcha system has been added to the process to prevent automated services provided by Check Point Software. In fact, it is one of the three stages that need to be completed in order to get verified.

According to Check Point Software, Cerber ransomware is now running 161 active campaigns. Moreover, they are launching approximately eight new campaigns per day. During the last month alone, this virus has infected about 15.000 computers in 201 countries. It seems that the virus developers are not willing to stop causing trouble and are ready to benefit from the victims even more.

Cerber virus is a smart business model which rapidly grows revenue from paid ransoms. To prevent themselves from being caught, the developers use Bitcoins and create numerous unique Bitcoin wallets. Every victim has to send a payment to a different wallet. For this reason, it’s almost impossible to track individual transactions. Usually, one ransom consists of 1 Bitcoin (approximately $590). In July 2016, Cerber virus has accumulated a profit of around $195,000. If Check Point does not come up with another solution soon, the numbers might grow even bigger in August.

It is also worth mentioning that the developers of Cerber ransomware split the profit with its affiliates. The affiliate’s earnings depend on the success of the infection and the amount of ransom set for a particular campaign. In July 2016 the ransomware partners received $117.000 while the developers were left with $78,000. The ransomware viruses became a global problem that not only causes inconveniences for tens of thousands of users worldwide but also generates millions of dollars every single year.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

Contact Gabriel E. Hall
About the company Esolutions