What is Cmb ransomware?
Cmb (or Combo) virus is a “successor” of widespread Dharma Ransomware, which was damaged millions of files on users machines around the world. Cmb ransomware has the same algorithm as others ransomware threats: firstly it infiltrate a registry of user’s PC, then the virus encrypts all important files and as final shows to victims some notes, where demand money for decryption. AES-256 encryption schema means that users cannot decrypt their files without special keys. All encrypted files get .combo or .cmb suffixies. Moreover, these extensions may be composite:
As you can see extension may contain an email address of virus creators, and every file, which has a link on these emails can be regarded as a part of a virus. Another feature of Cmb ransomware is a unique for every victim FILES ENCRYPTED.txt file, created by the virus:
Here you can read the text from ransom notes:
1. Decoding cost
The cost of decryption is 3 500 $. We receive payment only in BITCOINS. (Bitcoin is a form of digital currency)
All your Remote desktop passwords hacked. Change all user passwords to more harder. Immediately!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Do not trust anyone! Only we have keys to your files! Without this keys restore your data is impossible.
3. Free decryption as guarantee
You can send us up to 1 file for free decryption.
Size of file must be less than 1 Mb (non archived). We don`t decrypt for test DATABASE, XLS and other important files. Remember this.
4. Decryption process:
To decrypt the files, transfer money to our bitcoin wallet number: "1Q1rUuBjq9HmzDsuT9EZoYWG7J1sQFPLca". As we receive the money we will send you:
1. Decryption program.
2. Detailed instruction for decryption.
3. And individual keys for decrypting your files.
5. The process of buying bitcoins:
The easiest way to buy bitcoins:
IMPORTANT! Don`t use coinbase! it take more than 2 week to make coinbase verification.
As you noticed, cyber scammers demand 3500$ for decryption and unfortunately some victims ready to pay a ransom. We think that it is better to deny such offers because real decryption by the hackers is not warrantied. The virus attacks a PC via an email with dangerous links, or over RDP via 3389 port . To prevent ransomware infiltration you should use modern antivirus software, such as HitmanPro.Alert’s CryptoGuard. If your system already infected by the virus, you should try to remove Cmb ransomware and decrypt .combo or .cmb files.
How to remove Cmb ransomware from your computer and restore files?
You may try to use anti-malware tool to remove Cmb ransomware from your computer. Newly advanced ransomware detection technology is able to run an instant ransomware scan, which is perfect to protect your computer in case of a new ransomware attack.
How to decrypt files encrypted by Cmb?
Once you’ve removed virus, you are probably thinking of recovering files from encryption. Let’s take a look at possible ways of decrypting your data.
Decrypt files with automated decryption tools
Unfortunately, due to the novelty of Cmb ransomware, there are no available automatic decryptors for this virus yet. Still, there is no need to invest in a malicious scheme by paying a ransom. You are able to recover files manually.
Decrypt files manually
You can try to use one of these methods in order to restore your encrypted data manually.
Recover data with Data Recovery
- Download and install Data Recovery
- Select drives and folders with your files, then click Scan.
- Choose all the files in a folder, then press on Restore button.
- Manage export location.
Restore data with Windows Previous Versions
This feature is working on Windows Vista (not Home version), Windows 7 and later versions. Windows saves copies of files and folders which you can use to restore data on your computer. In order to restore data from Windows Backup, take following steps:
- Open My Computer and search for the folders you want to restore;
- Right-click on the folder and choose Restore previous versions option;
- The option will show you the list of all the previous copies of the folder;
- Select restore date and the option you need: Open, Copy and Restore.
Restore the system with System Restore
You can always try to use System Restore in order to roll back your system to its condition before infection infiltration. All the Windows versions include this option.
- Type restore in the Search tool;
- Click on the result;
- Choose restore point before the infection infiltration;
- Follow the on-screen instructions.
How to protect PC from Cmb?
It’s a pretty difficult task to get rid of any ransomware, including Cmb. But you can easily prevent any infection of your PC. HitmanPro.Alert’s CryptoGuard can help you with this problem. It’s one of the best anti-ransomware applications. No matter how sneaky it is, HitmanPro.Alert’s CryptoGuard will stop Cmb infiltration to your system. After detection, this program removes all the related to the ransomware data and prevents your file from being encrypted.