Windows 10: Random File Encryption

Discussion in 'AntiVirus, Firewalls and System Security' started by Zeronorhero, May 20, 2016.

  1. Random File Encryption


    Hi guys, just joined because I'm having W10 issues.

    My computer started to randomly encrypt files, where I would have to manually decrypt them via the properties. Only issue now is that it says I have no admin rights, whereas before it was decrypting fine....

    Here is my pictures folder, I did not encrypt these files and folders myself, and I can't open them now.




    Please help! I don't wanna lose my files!

    :)
     
    Zeronorhero, May 20, 2016
    #1

  2. Cerber took my administrator over

    There are several different variants of Cerber Ransomware with different file extensions appended to the end of encrypted filenames and ransom notes.

    Any files that are encrypted with the original Cerber Ransomware will be renamed (encrypted) with 10 random characters followed by a .cerber or a random 4 digit extension appended to the end of the encrypted data filename (i.e. 2C1OlcaXdF.cerber, kMWZJggq2p.a82d) and leave files (ransom notes) named DECRYPT MY FILES#.vbs, DECRYPT MY FILES#.txt, DECRYPT MY FILES#.html as explained here.

    Any files that are encrypted with Cerber v2 will be renamed (encrypted) with 10 random characters followed by a .cerber2 extension appended to the end of the encrypted data filename (i.e. Ku7dYlcvkj.cerber2) and leave files (ransom notes) named DECRYPT MY FILES#.vbs, DECRYPT MY FILES#.txt, DECRYPT MY FILES#.html as explained here.

    Any files that are encrypted with Cerber v3 will be renamed (encrypted) with 10 random characters followed by a .cerber3 extension appended to the end of the encrypted data filename (i.e. um87p5n5x9.cerber3) and leave files (ransom notes) named # HELP DECRYPT #.txt, # HELP DECRYPT #.html, # HELP DECRYPT #.url as explained here.

    Any files that are encrypted with Cerber v4x/v5x will be renamed (encrypted) with 10 random characters followed by a random 4 character hexadecimal extension appended to the end of the encrypted data filename (i.e. 1xQHJgozZM.b71c) and leave files (ransom notes) named README.hta, README.html, _HEJDDP_README_.hta, _HELP_HELP_HELP_5M6C2B8.ht as explained here. Any files that are encrypted with Cerber v5x will also include a few new changes as explained here.

    Trend Micro released a Ransomware File Decryptor for victims of earlier Cerber v1 infections but it has limitations. Expand the CERBER Decryption Limitations link near the bottom of the page...must be used on the infected machine, may take several hours to complete decryption, some files may be only partially decrypted. The decryptor does not work on Cerber v2/v3 encrypted files or the newer v4x/v5x variants which use 10 random characters with a random 4 character (i.e. .b71c) hexadecimal extension. Unfortunately, that means there is still no way to decrypt files by these variants without paying the ransom.

    There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.


    When or if a solution is found, that information will be provided in this support topic and you will receive notification if subscribed to it.
     
    quietman7 - MVP, May 20, 2016
    #2
  3. RANSOMWARE REMOVE HELP!!!

    There are several different ransomware infections which append a random 4, 5, 6, 7, or 8 character extension to the end of all affected filenames (i.e. CTB-Locker, Crypt0L0cker, Maktub Locker, Alma Locker, Princess Locker, Locked-In, Mischa, Goldeneye, Cerber v4x/v5x and some Xorist variants).

    CTB-Locker and Maktub Locker are the two most common ransomware infections which use a random 6-7 character extension appended to the end of the file name. The newest variant of Crypt0L0cker appends a random 6 lower alphabetic character extension. Alma Locker appends a random 5-6 character extension. Goldeneye appends a random 8 character extension. Princess Locker appends a random 4-5 hexadecimal character extension. Mischa appends a random 4 character extension. Locked-In appends a random 5-15 character extension. Cerber v4x/v5x encrypts files with 10 random characters followed by a random 4 character hexadecimal extension. Some Xorist Ransomware variants will also have a random character extension appended to the end of the file name.

    Any files that are encrypted with Cerber v4x/v5x will be renamed (encrypted) with 10 random characters followed by a random 4 character hexadecimal extension appended to the end of the encrypted data filename (i.e. 1xQHJgozZM.b71c) and leave files (ransom notes) named README.hta, README.html, _HEJDDP_README_.hta, _READ_THIS_FILE_<random hexadecimal>.html, _HELP_HELP_HELP_<random hexadecimal>.hta (i.e. _5M6C2B8.hta).

    Any files that are encrypted with Cerber v5x will also include a few new changes as explained here.

    You can submit samples of encrypted files and ransom notes to ID Ransomware for assistance with identification and confirmation. This is a service that helps identify what ransomware may have encrypted your files and then attempts to direct you to an appropriate support topic where you can seek further assistance. Uploading both encrypted files and ransom notes together provides a more positive match and helps to avoid false detections.

    If confirmed as Cerber...there is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.

     
    quietman7 - MVP, May 20, 2016
    #3
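
The filename and ransom-note patterns listed in posts #2 and #3 can be turned into a quick triage check over a directory listing. This is an added example, not part of the original posts or of any tool they mention; the regular expressions, the alphanumeric character set and the sample listing are assumptions built from the posts' descriptions.

```python
import re
from collections import Counter

# Patterns transcribed from posts #2 and #3. Assumption: the "10 random
# characters" are alphanumeric; the posts do not define the character set.
BASE = r"[A-Za-z0-9]{10}"
ENCRYPTED = [
    ("Cerber original", BASE + r"\.cerber"),
    ("Cerber v2", BASE + r"\.cerber2"),
    ("Cerber v3", BASE + r"\.cerber3"),
    # .a82d (original) and .b71c (v4x/v5x) look alike: the name alone cannot
    # tell these apart, so the ransom note has to break the tie.
    ("Cerber original or v4x/v5x", BASE + r"\.[0-9a-f]{4}"),
]
NOTES = [
    # Optional "# " prefix and space before "#" are tolerated (assumption).
    ("Cerber original or v2", r"(# )?DECRYPT MY FILES ?#\.(vbs|txt|html)"),
    ("Cerber v3", r"# HELP DECRYPT #\.(txt|html|url)"),
    # Random parts generalised from the single samples in the posts; the
    # sample 5M6C2B8 is not strictly hexadecimal, so A-Z is accepted.
    ("Cerber v4x/v5x", r"README\.(hta|html)|_[0-9A-Z]+_README_\.hta"
                       r"|_READ_THIS_FILE_[0-9A-Z]+\.html"
                       r"|_HELP_HELP_HELP_[0-9A-Z]+\.hta"),
]

def classify(name):
    """Return (kind, label) for one file name, or None if nothing matches."""
    for kind, table in (("note", NOTES), ("encrypted", ENCRYPTED)):
        for label, pattern in table:
            if re.fullmatch(pattern, name, re.IGNORECASE):
                return kind, label
    return None

def triage(names):
    """Summarise a listing: note names decide, encrypted names add weight."""
    hits = Counter(c for c in map(classify, names) if c)
    enc = {label for kind, label in hits if kind == "encrypted"}
    notes = {label for kind, label in hits if kind == "note"}
    return {
        "encrypted_files": sum(n for (k, _), n in hits.items() if k == "encrypted"),
        "candidates": sorted(notes or enc),
        "has_names_and_notes": bool(enc and notes),
    }

# Constructed listing (not from a real incident).
SAMPLE = ["1xQHJgozZM.b71c", "Zp04kQw2Lm.0f3e",
          "_READ_THIS_FILE_A1B2C3.html", "holiday.jpg"]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A lone README.html is a common benign file, so treat a note match as meaningful only when renamed files appear beside it; a listing with no matches at all points away from the Cerber naming described here.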
  4. vgchat Win User

    Random File Encryption

    Did you scan with a combination of an Antivirus and Malwarebytes? If so, which AV?
     
    vgchat, May 20, 2016
    #4
  5. Defender and Malwarebytes
     
    Zeronorhero, May 20, 2016
    #5
  6. Also tried ESETTeslaCryptDecryptor, but didn't find anything
     
    Zeronorhero, May 20, 2016
    #6
  7. simrick Win User
    Hi. You need to disconnect that system from the internet immediately, and shut it down, in case you have contracted a ransomware.
    Then you need to show file extensions to see what they are. Well, copy one and display it on another system, showing file extensions....
    You can go here to identify what you have: ID Ransomware.
     
    simrick, Apr 5, 2018
    #7