
I was hit by Cerber on the weekend.

This surprised me given I was running Grindsoft Anti-Malware in addition to Defender, although I suspect Grindsoft real-time protection was off given there had been an issue with the activation license (I was issued with a new key but only noted post infection that protection was now off).

It came in via another user account. I saw what was happening in time to kill the net before my encrypted OneDrive files were uploaded to the cloud; regardless, I had back-ups of my important personal files.

I removed the malware with Grindsoft, re-installed Windows and then restored my backed-up files.

  • My incremental back-up file (around 500Mb) on an external drive was not impacted (while all documents on a USB were encrypted). I won't specify the back-up program here.
  • All *.iso files were also untouched.

Is it likely that Cerber skipped these files because of the file type and/or file size?

1 Answer


The link below has a list of file extensions used by Cerber:

http://www.bleepingcomputer.com/news/security/the-cerber-ransomware-not-only-encrypts-your-data-but-also-speaks-to-you/

.iso is not in the list, but Cerber uses a config file that stores a list of file extensions to target. This makes Cerber more flexible since the list of file extensions is easily modified.
