Alert! Ransomware is Being Spread through the Ammyy Admin Website

  • 236
    Shares

This is a precautionary advisory for users who frequently visit the website of the popular remote desktop sharing software called Ammyy Admin.

Quick Heal Labs has observed that a new variant of the Cerber3 Ransomware is being spread through the Ammyy Admin software on the official Ammyy Admin website. This news, however, is not surprising as this website has been found to host malware on several other instances. In a previous case, the website was found to spread the notorious Cryptowall 4.0 Ransomware.

ammyy

Fig 1 Ammyy Admin official website

The Quick Heal Threat Research and Response Team recently observed increased cases of Cerber ransomware infections wherein the victims had downloaded and run the Ammyy Admin software from the original website. And our analysis of the malware found these observations to be true.

A technical analysis of the ransomware is available in this downloadable PDF.

PDF icon

 

 

 

How Quick Heal helps
Quick Heal Web Security feature proactively detects and blocks websites on the basis of their malicious reputation and inconsistency in delivering actual applications.

How to Stay Safe from the Cerber Ransomware?
• Avoid visiting the Ammyy Admin website.
• Remove the Ammyy Admin software if you have it on your computer.
• Do not respond to unknown or unwanted emails that urge you to click on links or download attachments, no matter how urgent such emails might sound.
• Run an antivirus software that detects and blocks infected websites and emails with malicious content.
• Take regular backups of your important files. Remember to disconnect the Internet when you are backing up on a hard drive. Unplug the drive before you go online again.
• Apply all recommended security updates (patches) to your Operating System, programs like Adobe, Java, Internet Browsers, etc. These updates fix security weaknesses in these programs and prevent malware from exploiting them.

 

ACKNOWLEDGMENT

Subject Matter Experts
• Shantanu Vichare
• Dipali Zure
– Threat Research and Response Team

Rajiv Singha

Rajiv Singha


104 Comments

Your email address will not be published.

CAPTCHA Image

  1. IS THERE ANY WAY TO RECOVER FILES IF IT IS ENCRYPTED BY CERBER 3 RANSOM WARE.

    Reply
    • Rajiv Singha Rajiv SinghaOctober 19, 2016 at 4:08 PM

      Hi Rohit,

      Files that are encrypted by a ransomware cannot be decrypted without using the private key which the attacker is selling for a ransom.

      Regards,

      Reply
  2. If your pc is infected by cetber 3 or crypto ransomeware then only spy hunter will remove the ransomeware. But problem is of encrypted data. Till today no software available for decrypt the data. When this ransomeware affected your pc no antivirus work and it also uses windows default services. After 20 hrs i am successful to remove cerber3 ransomeware from pc now i am working on decrypt the data. I give my suggestion for retriving data soon.

    Reply
  3. My PC attacked by cerber3 ransomware and all files encrypted. but i have seen a backup folder created by quick heal as backup function is inbuilt in quick heal in case of attack by ransomware. How can i restore file from quick heal. Please help me to get rid of this.

    Reply
  4. Avatar Anirban DuttaSeptember 15, 2016 at 7:30 PM

    Thank you for your information. But please add Anti Phishing & Anti Spam on your Antivirus pro. Does it[Antivirus Pro] protect it’s user from Ransomware?

    Reply
  5. NOT SATISFIDE

    Reply
  6. Thanks for you

    Reply
  7. EnteIf the phone is stolen my questions I want to know where it’s close and give me instructions how to dor Message Here

    Reply
  8. Thanks for your email and help us,

    Reply
  9. hii m rajesh mathe from nagpur my laptop has been infected by ransomeware all my office data has been encripted .
    is their any solution to bring back my data…
    please help me…
    call me if you have any chargeable or non-chargeable solution ..9970198781.

    Reply
  10. MY SYSTEM IS ALSO EFFECTED FROM IT AND MY FILE IS LOST AND AND WATN TO DECODE IT PLS HELP ME

    Reply
  11. Avatar dharamraj BairwaSeptember 17, 2016 at 7:51 PM

    it is awesome. I always enjoy it.

    Reply
  12. Avatar rajeshbst10@gmail.comSeptember 18, 2016 at 7:19 PM

    nice

    Reply
  13. Hello,please help in upgrade my antivirus,im buying for quick hill.to one month ago very very virus attack for my tablet

    Reply
  14. Avatar ranalab2000@gmail.comSeptember 19, 2016 at 8:19 AM

    THE BEST ANTIVIRUR

    Reply
  15. i installed ammy admin with Ransomware .. it just creates @___readme___@ file and .cerber3 files in every folder.

    but when i check my files it doesn’t encrypted at all… they just put that files in every directories nothing else….

    Reply
  16. Avatar julfikar islamSeptember 19, 2016 at 12:10 PM

    OK

    Reply
  17. Avatar akjamphar51@gmail.comSeptember 19, 2016 at 3:36 PM

    you are good

    Reply
  18. Avatar shefiu Akinde oyeleyeSeptember 19, 2016 at 10:28 PM

    How can i recover my file back after been infected by the virus cerber3…..pls help

    Reply
  19. My laptop was detected with cerber ransomware. My system has crashed and my documents are corrupt. Is there anyway I can get back my files.

    Reply
  20. i am already infected with this virus and all my important files are encrypted. can someone please tell me how can i decrypt them.

    Reply
    • Rajiv Singha Rajiv SinghaOctober 7, 2016 at 6:57 PM

      Hi Kundan,

      Thank you for writing in. Please visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.

      Regards,

      Reply
      • Hi Rajib,
        I have infected this Ransomware virus using ammy admin software 9months before but your technical person no one is can’t able to decrypt the file. Finally i format my Lappy. I think it is not a easy to break the lock but If our system has restore point then we can rollback using old date

        Reply
  21. Avatar ekowkleen@gmail.comSeptember 20, 2016 at 2:55 PM

    thanks the information

    Reply
  22. Avatar shubham jadhavSeptember 20, 2016 at 6:29 PM

    quick heal antivirus is important for pc,laptops,tab and other

    Reply
  23. Avatar Kamlesh VaishyaSeptember 20, 2016 at 8:25 PM

    How to recover Cerber3 Ransomware effected files?

    Reply
  24. Hi, could you answer me a couple of questions:-

    1. Is it possible that the cerber virus can infect a slave hard drive so that if that drive is connected to a healthy PC it can still do some damage even if no executable file is launched from it?

    2. I am a registered user of Ammyy admin and I have a clean version of the program but if I install a clean version on a remote PC and install the service mode could the people at Ammyy take over that PC through a back door??

    Reply
  25. Avatar Sanjai awasthiSeptember 21, 2016 at 7:29 PM

    Thank you for your information.

    Reply
  26. Avatar Ashish KulkarniSeptember 22, 2016 at 1:36 AM

    Unfortunately!!!! I am infected. Do Anti virus Pro edition removes this virus? Else i will have to purchase Norton edition.

    Reply
  27. Its true, Rajib Singha. I just noticed that.

    Thank you.

    Reply
  28. Very good

    Reply
  29. I like this app

    Reply
  30. How to remove Ransomware and it using Quick Heal?

    Reply
  31. Thank u

    Reply
  32. Dear Sir,

    I am Srijit by profession Computer Hardware Engineer, last 15 years I doing this work. As well as my company Dealer of Quick Heal. But last few months ago I don’t support properly for your company.
    So, I requested that please tell me how to protect Ransom ware problem. Already our few clients suffer this problem, Example: NEWPL, ORIENT PAPERS, SHUBHAM EXPORTS, NEOGIE ENGINEERING WORKS And COSMON ENGINEERING. Please help me as early as possible.

    Reply
  33. my all the files encrypted through ransomware most probably suggest me how could i restore all this .

    Reply
  34. I’m Rasel . Today my PC attacked by the server3 ransomware . already my all file are destroyed. Photoshop and illustrator are don’t read file. And all file are already renamed . Pls suggests for me …

    Reply
  35. GOOD

    Reply
  36. Hello Sir,
    I can’t update my antivirus database. It shows error that “please specify path”. Please suggest me solution.

    Reply
  37. unfortunately i used and downloaded ammy from its site all my files have been encrypted and got no idea how to get those back though i use quick heal and update on the daily basis, can u help me get my files back specially pictures

    Reply
  38. My product key not working ple. help

    Reply
  39. Avatar Prasanta BhattacharyyaSeptember 27, 2016 at 8:29 AM

    excellant

    Reply
  40. Avatar Anushka YadavSeptember 27, 2016 at 10:49 AM

    i did not go to the official website neither did i do any of the things that u ve mentioned in the case above but the cyber criminals ve encrypted all my files i ve even launched anti malware in quick heal still the problem remains unsolved what do i do now? plzz help all my files are encrypted!!!!!!!!!! 🙁

    Reply
  41. hiiiii i am abhishek singh this is a very sequre anti virus

    Reply
  42. I’m sujeet ,sir quick heal apps is to good….. it’s complete work….in mobile….ye hmesa mobile ke ram ko khali krta he jisse ki phone works very fast

    Reply
  43. It is the best a tivirous for mob and all

    Reply
  44. Hi Rajib,
    My laptop got effected with this cerber3 ransomware virus. I have quick heal antivirus software installed and went to renew software license through your registered dealer or agent. First he had installed ammy admin software and tried to reniew the account and my laptop got affected. I have registered complaint with quick heal customer care also.

    Please can you help me to how to restore my database.

    Reply
  45. Avatar shubhamverma767884@gmail.comSeptember 28, 2016 at 7:30 PM

    GOOD ANTIVIRUS

    Reply
  46. sir unfortunately i am late to read these post and my office PC and house PC had been infected by cerber3 ransomware, and all my important file are now encrypted. have there been any solution to set it back to original condition other then paying those creep

    Reply
  47. Avatar Heyat ullahOctober 1, 2016 at 4:08 PM

    it is the best one of the anti virous field.
    i fully saticfy
    my computer fully depend on it

    Reply
  48. Avatar Prashant GiriOctober 2, 2016 at 12:00 PM

    Dear Sir,
    I always promote your Antivirus for everyone though I don’t have any economical benefit. Now a day’s my client ‘Soham Motors’ is suffering from this Malware. They converted from other Antivirus to yours one. But still it’s not recovered. I physically found and tried to rename it as original, but could not recover whole file (mostly .MDB) we heartily request you please find a way to recover unscripted files. We saved whole on DVDs and formatted the Laptop. Please inform us on given email address
    Thanks.
    – Prashant Giri

    Reply
  49. Avatar Prashant PandeyOctober 3, 2016 at 12:39 AM

    Please Help Me

    Reply
  50. Avatar Koushik RoyOctober 3, 2016 at 4:32 PM

    how to update?

    Reply
  51. I was using Guardian on my computer. The same virus attacked my computer and my all files are locked. What should I do now ?
    How can I recover my files.
    Your customer care nos. are not responding

    Reply
  52. Thanks for your information.

    Reply
  53. Avatar Rupam MallickOctober 4, 2016 at 10:51 PM

    All my Files of my computer are encrypted by Cerber Ransomware with file extension ‘a4ef’. I’ve installed Quick Heal Internet Security but it is not repairing those corrupted files after Boot Scan.
    Please suggest me what to do?
    It is URGENT.

    Reply
    • Rajiv Singha Rajiv SinghaOctober 7, 2016 at 6:36 PM

      Hi Rupam,

      We have shared the issue with our team. They will get in touch with you to help you out.

      Regards,
      Team Quick Heal

      Reply
  54. My computer is infected to RANSOMWARE Virus My Doc, XLX, and PDF files are infected Please recover my file. I am used license copy Quick Heal Pro Antivirus
    please guide me and solved my problem

    Reply
  55. Avatar Chandan KumarOctober 5, 2016 at 9:14 PM

    is good

    Reply
  56. Avatar Rohit Raj JaiswalOctober 6, 2016 at 10:42 AM

    nice

    Reply
  57. Avatar shreesakambri@gmail.comOctober 6, 2016 at 11:32 AM

    what is the solution for the system which is infected with Cerber3 Ransomware virus

    Reply
  58. my some documents are crypt affected

    Reply
  59. Avatar Dhananjay SarafOctober 6, 2016 at 8:04 PM

    My PC infected om 30/06/2016 cerber3 resonwaire. all fille blook to cerber 3 . loss data. plz care no any chance

    Reply
  60. Avatar amrendra kumar sahOctober 6, 2016 at 9:05 PM

    dear sir
    i just installed quickheal total security on my windows 10 preloaded laptop. now every time my computer hangs. it displays microsoft not responding n bla bla. finally i have to take battery out everything. and also windows defender n quickheal are running at the same time. so also let me know how to turn off defender n resolve this situation.

    Reply
  61. Avatar Mohammed habeebullaOctober 7, 2016 at 12:29 PM

    A very good APP.

    Reply
  62. I not satisfied because I have no idea about ammyy admin ..plz give me some simple solution …what can I do about ammy admin .

    Reply
  63. Avatar swamisantosh@gmail.comOctober 8, 2016 at 4:06 PM

    If I Have Legal verion Ammyy Admin software,
    Should i need to worry if i’m using it.

    Reply
  64. Avatar kantibhusan biswasOctober 9, 2016 at 9:25 PM

    If my device caught any virus,remove it.

    Reply
  65. THANK U VERY MUCH…………..

    Reply
  66. Hi my system has been infected and all my data has encrypted as XYZ.CERBER3. I have already formatted and reloaded the OS and few decryptors, I have also installed quickheal total security 2016 but nothing has come handy!! I am in serious trouble!! Plz suggest how can I decrypt my data? Also I wonder that there is no help for such attacks in quickheal total security!!

    Reply
    • Rajiv Singha Rajiv SinghaNovember 15, 2016 at 5:46 PM

      Hi,

      Thank you for writing in. Our support engineers would gladly help you with this issue. Please call us on our toll-free no. 1800-121-7377 or visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.

      Regards,
      Team Quick Heal

      Reply
  67. Avatar Sagar MondalNovember 15, 2016 at 3:07 AM

    how i can recover file from affected file ??

    Reply
  68. Avatar Prince KushwahaDecember 24, 2016 at 11:15 AM

    I am using QHTS 17.00 license version.

    How to remove “Cerber Ransomware”?

    Reply