Ransomware Impact

A week or so ago, a client of mine's office was attacked by a new variant of the Ransomware Virus. This virus spread across multiple office computers and also all USB drives connected to the infected computers.

Not all the computers had current anti-virus protection. (McAfee was running on one of the computers, while another had an expired antivirus subscription.)

There was no backup in place on any of the computers.

The end result is that most of the company's important data was lost. MYOB data could be recovered from 2 months ago from the accountant. I managed to recover around 10 gig worth of data from one infected computer. This consisted of Excel Files, Work Documents, PDF Documents, Images. Over 16,000 files were encrypted on 1 of the computers.

Even Dropbox started to sync the encrypted files to the cloud.

The files were changed by having a 6-character random suffix added to the end of each encrypted file after encryption.

A warning message was displayed on screen as a changed desktop wallpaper image.

Where each file was encrypted, a text file explaining what had happened was saved, together with an HTML file providing links to get your data decrypted, provided a ransom was paid in Bitcoin currency.


I attempted to get data decrypted using a number of online tools from the major antivirus companies.  None of them could fix the data.  Since each file had a different suffix name added to the file, it was next to impossible to decrypt based on the name of the extension.
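The indicators described above (a different 6-character suffix on every file, plus a text and HTML note saved alongside) can be checked against a file listing from an affected machine to count the damage per folder. This is an added example, not part of the original post. It assumes the suffix is appended as an extra extension after the original one and that the two notes share a file name; the extension set and all sample names are constructed.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Assumed set: extensions for the file types the post lists as affected.
KNOWN_EXTS = {".xls", ".xlsx", ".doc", ".docx", ".pdf", ".jpg", ".jpeg", ".png"}
RANDOM_SUFFIX = re.compile(r"\.[A-Za-z0-9]{6}")

def is_suspect(name):
    """True for <name>.<known extension>.<6 characters> (assumed layout)."""
    suffixes = PurePosixPath(name).suffixes
    return (len(suffixes) >= 2
            and suffixes[-2].lower() in KNOWN_EXTS
            and RANDOM_SUFFIX.fullmatch(suffixes[-1]) is not None)

def triage(paths):
    """Summarise indicators per directory from a list of POSIX-style paths."""
    by_dir = defaultdict(list)
    for p in map(PurePosixPath, paths):
        by_dir[str(p.parent)].append(p)
    report = {}
    for directory, files in by_dir.items():
        suspects = [f for f in files if is_suspect(f.name)]
        if not suspects:
            continue
        distinct = {f.suffix for f in suspects}
        txt = {f.stem.lower() for f in files if f.suffix.lower() == ".txt"}
        html = {f.stem.lower() for f in files if f.suffix.lower() in (".html", ".htm")}
        note_pair = bool(txt & html)
        report[directory] = {
            "encrypted": len(suspects),
            "distinct_suffixes": len(distinct),
            "note_pair": note_pair,
            # One shared suffix (e.g. ".backup") is ordinary naming; the post
            # describes a different suffix per file, with a note pair alongside.
            "flagged": len(distinct) >= 2 or note_pair,
        }
    return report

# Constructed sample listing; every name here is a placeholder.
SAMPLE = [
    "Accounts/Budget 2016.xlsx.k3f9zq", "Accounts/Invoice 0042.pdf.Xb71Lm",
    "Accounts/Logo.png.q0q0q0", "Accounts/NOTE_PLACEHOLDER.txt",
    "Accounts/NOTE_PLACEHOLDER.html", "Accounts/Untouched.docx",
    "Archive/report.pdf.backup", "Archive/summary.doc.backup",
    "Photos/holiday.jpg",
]

if __name__ == "__main__":
    for directory, info in sorted(triage(SAMPLE).items()):
        print(directory, info)
```

Working from a listing rather than the live disk keeps the check read-only, so it can be run against an export from a disk image or a cloud sync folder's file index.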

Cerber Virus description





Contact me and I can put something in place to minimize the risk to you or your business.

0414405007  (Natan)
