I was hit by Cerber on the weekend.
This surprised me given I was running Grindsoft Anti-Malware in addition to Defender, although I suspect Grindsoft real-time protection was off given there had been an issue with the activation license (I was issued with a new key but only noted post infection that protection was now off).
It came in via another User Account, I saw what was happening in time to kill the net before my encrypted OneDrive files were uploaded to the cloud, regardless of which I had back-ups of my important personal files.
I removed the malware with GRindsoft, re-installed Windows and then my restored my backed-up files.
- My incremental back-up file (around 500Mb) on an external drive was not impacted (while all documents on an USB were encrypted). I won't specify the back-up program here.
- All
*.iso
files were also untouched.
Is it likely that Cerber skipped these files because of the file type and/or file size?