This is a precautionary advisory for users who frequently visit the website of the popular remote desktop sharing software called Ammyy Admin.
Quick Heal Labs has observed that a new variant of the Cerber3 Ransomware is being spread through the Ammyy Admin software on the official Ammyy Admin website. This news is not surprising, as this website has been found to host malware on several other occasions. In a previous case, the website was found to spread the notorious Cryptowall 4.0 Ransomware.
Fig 1: Ammyy Admin official website
The Quick Heal Threat Research and Response Team recently observed an increase in Cerber ransomware infections in which the victims had downloaded and run the Ammyy Admin software from the original website. Our analysis of the malware confirmed these observations.
A technical analysis of the ransomware is available in this downloadable PDF.
How Quick Heal helps
The Quick Heal Web Security feature proactively detects and blocks websites on the basis of their malicious reputation and inconsistency in delivering actual applications.
How to Stay Safe from the Cerber Ransomware?
• Avoid visiting the Ammyy Admin website.
• Remove the Ammyy Admin software if you have it on your computer.
• Do not respond to unknown or unwanted emails that urge you to click on links or download attachments, no matter how urgent such emails might sound.
• Run antivirus software that detects and blocks infected websites and emails with malicious content.
• Take regular backups of your important files. Remember to disconnect from the Internet when you are backing up to a hard drive. Unplug the drive before you go online again.
• Apply all recommended security updates (patches) to your Operating System, programs like Adobe, Java, Internet Browsers, etc. These updates fix security weaknesses in these programs and prevent malware from exploiting them.
ACKNOWLEDGMENT
Subject Matter Experts
• Shantanu Vichare
• Dipali Zure
– Threat Research and Response Team
104 Comments
IS THERE ANY WAY TO RECOVER FILES IF THEY ARE ENCRYPTED BY CERBER 3 RANSOMWARE?
Hi Rohit,
Files that are encrypted by ransomware cannot be decrypted without the private key, which the attacker is selling for a ransom.
Regards,
If your PC is infected by Cerber 3 or crypto ransomware then only Spy Hunter will remove the ransomware. But the problem is the encrypted data. Till today no software is available to decrypt the data. When this ransomware affects your PC no antivirus works, and it also uses Windows default services. After 20 hrs I was successful in removing the Cerber3 ransomware from the PC; now I am working on decrypting the data. I will give my suggestion for retrieving data soon.
My PC was attacked by Cerber3 ransomware and all files are encrypted. But I have seen a backup folder created by Quick Heal, as a backup function is built into Quick Heal in case of attack by ransomware. How can I restore files from Quick Heal? Please help me to get rid of this.
Hi Sohan,
Our support engineers will get in touch with you to help you out.
Regards,
Thank you for your information. But please add Anti Phishing & Anti Spam to your Antivirus Pro. Does it [Antivirus Pro] protect its users from ransomware?
NOT SATISFIED
Thanks for you
If the phone is stolen my questions I want to know where it’s close and give me instructions how to do
Thanks for your email and help us,
Hi, I am Rajesh Mathe from Nagpur. My laptop has been infected by ransomware; all my office data has been encrypted.
Is there any solution to bring back my data…
Please help me…
call me if you have any chargeable or non-chargeable solution ..9970198781.
Hi Rajesh,
We have shared your concern with our team; they will get in touch with you soon.
Regards,
MY SYSTEM IS ALSO AFFECTED BY IT AND MY FILES ARE LOST AND I WANT TO DECODE THEM, PLEASE HELP ME
Hi Dhiraj,
Thank you for writing in. Our support engineers would gladly help you with this issue. Please visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
it is awesome. I always enjoy it.
nice
Hello, please help me upgrade my antivirus, I'm buying Quick Heal. One month ago there was a very, very bad virus attack on my tablet.
Hi Reza,
Thanks for writing in. You can upgrade from here – https://www.quickheal.co.in/upgrade/
Regards,
THE BEST ANTIVIRUS
I installed Ammyy Admin with ransomware… it just creates an @___readme___@ file and .cerber3 files in every folder.
But when I check my files, they aren't encrypted at all… they just put those files in every directory, nothing else…
OK
you are good
How can I recover my files after being infected by the Cerber3 virus… please help
Hi Shefiu,
Our support engineers can help. Please visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
My laptop was detected with Cerber ransomware. My system has crashed and my documents are corrupt. Is there any way I can get back my files?
Hi SK,
Thank you for writing in. Our support engineers would gladly help you with this issue. Please visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
I am already infected with this virus and all my important files are encrypted. Can someone please tell me how I can decrypt them?
Hi Kundan,
Thank you for writing in. Please visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
Hi Rajib,
I was infected with this ransomware virus using Ammyy Admin software 9 months before, but none of your technical people were able to decrypt the files. Finally I formatted my Lappy. I think it is not easy to break the lock, but if our system has a restore point then we can roll back using an old date.
Hi Siva,
We have forwarded your request to our team; they will be looking into the matter.
Regards,
Thanks for the information
Quick Heal antivirus is important for PCs, laptops, tabs and others
How to recover Cerber3 ransomware affected files?
Hi Kamlesh,
Thank you for writing in. Our support engineers would gladly help you with this issue. Please visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
Hi, could you answer me a couple of questions:-
1. Is it possible that the cerber virus can infect a slave hard drive so that if that drive is connected to a healthy PC it can still do some damage even if no executable file is launched from it?
2. I am a registered user of Ammyy admin and I have a clean version of the program but if I install a clean version on a remote PC and install the service mode could the people at Ammyy take over that PC through a back door??
Hi Dave,
Thanks for your comment. Our support engineers can answer all your queries in a more explanatory manner. Please visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
Thank you for your information.
Unfortunately!!!! I am infected. Does Antivirus Pro edition remove this virus? Else I will have to purchase Norton edition.
Hi Ashish,
Our support engineers can help. Please visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
Its true, Rajib Singha. I just noticed that.
Thank you.
Very good
I like this app
How to remove Ransomware and it using Quick Heal?
Hi,
Thank you for writing in. Please visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
Thank u
Dear Sir,
I am Srijit by profession Computer Hardware Engineer, last 15 years I doing this work. As well as my company Dealer of Quick Heal. But last few months ago I don’t support properly for your company.
So, I request that you please tell me how to protect against the ransomware problem. A few of our clients have already suffered this problem, for example: NEWPL, ORIENT PAPERS, SHUBHAM EXPORTS, NEOGIE ENGINEERING WORKS and COSMON ENGINEERING. Please help me as early as possible.
All my files were encrypted through ransomware, most probably. Please suggest how I could restore all this.
Hi Prabir,
Thank you for writing in. Our support engineers would gladly help you with this issue. Please visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
I’m Rasel. Today my PC was attacked by the Cerber3 ransomware. All my files are already destroyed. Photoshop and Illustrator can't read the files. And all files are already renamed. Please suggest what to do…
Hi Rasel,
Our support engineers would gladly help you with this issue. Please visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
GOOD
Hello Sir,
I can’t update my antivirus database. It shows error that “please specify path”. Please suggest me solution.
Hi Vipul,
Thank you for writing in. Our support engineers would gladly help you with this issue. Please visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
Unfortunately I used and downloaded Ammyy from its site. All my files have been encrypted and I have no idea how to get them back, though I use Quick Heal and update on a daily basis. Can you help me get my files back, especially pictures?
Hi Sumeet,
Thank you for writing in. Our support engineers would gladly help you with this issue. Please visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
My product key is not working, please help
Hi Kunal,
Thank you for writing in. Our support engineers would gladly help you with this issue. Please visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
Excellent
I did not go to the official website, neither did I do any of the things that you've mentioned in the case above, but the cyber criminals have encrypted all my files. I've even launched anti-malware in Quick Heal; still the problem remains unsolved. What do I do now? Please help, all my files are encrypted!!!!!!!!!! 🙁
Hi Anushka,
Our team will get in touch with you soon.
Regards,
Hi, I am Abhishek Singh. This is a very secure antivirus
I’m Sujeet. Sir, the Quick Heal app is too good… it does complete work… on mobile… it always frees up the mobile's RAM so that the phone works very fast
It is the best antivirus for mobile and all
Hi Rajib,
My laptop got affected by this Cerber3 ransomware virus. I have Quick Heal antivirus software installed and went to renew the software license through your registered dealer or agent. First he installed Ammyy Admin software and tried to renew the account, and my laptop got affected. I have registered a complaint with Quick Heal customer care also.
Please can you help me with how to restore my database.
Hi KP,
Thank you for writing in. Our support engineers would gladly help you with this issue. Please visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
GOOD ANTIVIRUS
Sir, unfortunately I am late in reading these posts and my office PC and house PC have been infected by Cerber3 ransomware, and all my important files are now encrypted. Has there been any solution to set them back to original condition other than paying those creeps?
Hi Vishal,
Our support engineers can look into this. Please visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
It is the best one in the antivirus field.
I am fully satisfied
My computer fully depends on it
Dear Sir,
I always promote your antivirus to everyone though I don’t have any economic benefit. Nowadays my client ‘Soham Motors’ is suffering from this malware. They converted from another antivirus to yours. But still it’s not recovered. I physically found and tried to rename it as original, but could not recover the whole file (mostly .MDB). We heartily request you to please find a way to recover unscripted files. We saved everything on DVDs and formatted the laptop. Please inform us on the given email address.
Thanks.
– Prashant Giri
Hi Prashant,
Thank you for writing in. Our support engineers would gladly help you with this issue. Please visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
Please Help Me
Hi Prashant,
Thank you for writing in. Our support engineers would gladly help you with this issue. Please visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
how to update?
I was using Guardian on my computer. The same virus attacked my computer and my all files are locked. What should I do now ?
How can I recover my files.
Your customer care nos. are not responding
Hi Ajay,
Our support engineers can help! Please visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
Thanks for your information.
All my Files of my computer are encrypted by Cerber Ransomware with file extension ‘a4ef’. I’ve installed Quick Heal Internet Security but it is not repairing those corrupted files after Boot Scan.
Please suggest me what to do?
It is URGENT.
Hi Rupam,
We have shared the issue with our team. They will get in touch with you to help you out.
Regards,
Team Quick Heal
My computer is infected with a ransomware virus. My DOC, XLX, and PDF files are infected. Please recover my files. I am using a licensed copy of Quick Heal Pro Antivirus.
Please guide me and solve my problem
Hi Manoj,
Please visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
is good
nice
It is very important information for Internet users who work online. Thanks to the Quick Heal Team
What is the solution for a system which is infected with the Cerber3 ransomware virus?
Hi,
Thank you for writing in. Our support engineers would gladly help you with this issue. Please visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
Some of my documents are crypt affected
Hi Sushil,
Thank you for writing in. Our support engineers would gladly help you with this issue. Please visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
My PC was infected on 30/06/2016 by Cerber3 ransomware. All files blocked by Cerber 3. Lost data. Please care, no any chance
Hi Dhananjay,
Thank you for writing in. Our support engineers would gladly help you with this issue. Please visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
Dear Sir,
I just installed Quick Heal Total Security on my Windows 10 preloaded laptop. Now my computer hangs every time. It displays Microsoft not responding and bla bla. Finally I have to take the battery out and everything. Also, Windows Defender and Quick Heal are running at the same time, so also let me know how to turn off Defender and resolve this situation.
Hi Amrendra,
Thank you for writing in. Our support engineers would gladly help you with this issue. Please visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
A very good APP.
I am not satisfied because I have no idea about Ammyy Admin… please give me some simple solution… what can I do about Ammyy Admin?
Hi Aman,
Our support engineers would gladly help you. Please visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
Team Quick Heal
If I have a legal version of Ammyy Admin software,
do I need to worry if I’m using it?
Hi Swami,
We request you to have a word with our support engineers who would be able to assist you better. Please visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
If my device catches any virus, remove it.
THANK YOU VERY MUCH…
Hi, my system has been infected and all my data has been encrypted as XYZ.CERBER3. I have already formatted and reloaded the OS and a few decryptors. I have also installed Quick Heal Total Security 2016 but nothing has come in handy!! I am in serious trouble!! Please suggest how I can decrypt my data. Also I wonder that there is no help for such attacks in Quick Heal Total Security!!
Hi,
Thank you for writing in. Our support engineers would gladly help you with this issue. Please call us on our toll-free no. 1800-121-7377 or visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
Team Quick Heal
How can I recover files from affected files??
Hi Sagar,
Thank you for writing in. Our support engineers can take you through this. Please call us on our toll-free no. 1800-121-7377 or visit https://bit.ly/QHChat to chat with us online. You can also raise a ticket at https://bit.ly/Askus and we will get back to you at the earliest.
Regards,
I am using QHTS 17.00 license version.
How to remove “Cerber Ransomware”?