Office 365 Ransomware Removal (Cerber)

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.


This page aims to help you remove Office 365 Ransomware. These Cerber Ransomware removal instructions work for all versions of Windows, including Windows 10.

If you are reading this article, you may have caught the Office 365 Ransomware (Cerber). As a result, you may be looking for a way to remove it from your PC forever.  However, this virus is not similar to the ones you have encountered so far. It is blackmailing you for money, it seems to have really blocked some of your most important data and it is more than disturbing. 
If this is indeed your case, we have some good and some bad news for you. Unfortunately, this malware is probably the most threatening one that you can ever come across. Fortunately, below you will find some useful information about the typical behavior of this virus, as well as some helpful tips on prevention and, of course, a removal guide to instruct you how to remove Cerber.

The nastiest malware that has ever existed – Ransomware

Generally, Ransomware is a virus program that is reported to have been created in Russia during the 90s. Then it seems to have quickly spread worldwide.  At the present moment this malware represents the biggest threat to your digital security and one of the hardest to deal with.

As the name suggests, it is a type of software that tends to ‘kidnap’ particular files from your system. It uses a Trojan horse to enter your PC and then scans your storage for the most widely used files. Once it has identified them, it usually locks them up. As you might expect, its creators, certain hackers, only want your money. They program the virus to display a notification telling you that your computer has been contaminated and demanding a ransom to make it “healthy” again and restore the blocked files. The so-called encryption key that you are offered in exchange for your money is formed by two segments – a public one, which you immediately receive, and a private one, which you eventually have to “buy”.

  • It is important that you remember to remove the Trojan as soon as you have successfully gotten rid of the Ransomware. It is also a serious threat that shouldn’t be taken lightly.

How does Ransomware manage to get to your PC?

Ransomware can be spread by various means. Nevertheless, the most usual suspects for distributing it are spam emails and their infected attachments, software bundles from suspicious sources, shareware, torrents and websites known for their shady origin and content.

The particular program that disturbs you – Cerber

In this paragraph we are going to explain how this particular specimen really works. Probably the first sign of an Office 365 Ransomware infected machine is the noticeable slowing down that the infected users often experience. This will actually be dependent on the processor power and speed of the affected system. However, more or less, the encryption process, which Office 365 Ransomware undertakes, consumes an incredible amount of system resources. Usually you can see that in the Task Manager of Windows, where the encryption process will be the one using the most RAM. In spite of that, such an infection more often gets revealed only after the encoding of the chosen files has been completed and the ransom message has appeared on the computer screen.

How are you supposed to act in case of an infection?

If you have been unlucky enough to catch Office 365 Ransomware, we strongly recommend that you do not rush into paying the amount of money the hackers are trying to get from you. What’s more, no moral or righteous actions should be expected from those criminals. Indeed, you have no reason to believe that they will restore your access to the lost files, even if you pay the ransom. Really, under no circumstances should you surrender to the hackers’ demands and pay before you have made at least some efforts to help yourself. Always remember that giving money to criminals is itself considered a criminal activity.

Luckily, you are not alone in your effort to remove Office 365 Ransomware. We have created a set of removal steps for you to follow and try to safely solve your current issue. Below you will also find some prevention tips to help you stay away from such viruses from now on.

When we talk about prevention

As with most of the physical diseases, prevention is what saves systems when it comes to digital health. Here we have assembled a list of simple and logical prevention tips that you may need to pay attention to, if you don’t want to be tricked by hackers again and again.

  • Invest in a reliable anti-virus program. Make sure that you purchase a well-functioning anti-malware tool with a good reputation. Doing that will spare you a lot of nerves, as the Trojans that carry the Ransomware usually exploit program and/or system vulnerabilities, such as not having an anti-virus tool.
  • Beware when it comes to the sources of the software that you install on your PC. Always put your trust into recognized and trusted websites.
  • Never open spam emails (or anything from/in them) from senders who you cannot recognize as familiar.


SUMMARY:

Name: Cerber
Type: Ransomware
Danger Level: High (Ransomware is by far the worst threat you can encounter)
Symptoms: Probably slower performance during the encoding process. A disturbing message informing you about the infection and demanding ransom.
Distribution Method: Most probably you have caught Office 365 Ransomware through your email – via a SPAM letter or an infected attachment.
Detection Tool: Cerber may be difficult to track down. Use SpyHunter – a professional parasite scanner – to make sure you find all files related to the infection.


Remove Office 365 Ransomware


Step1

Reboot in Safe Mode (use this guide if you don’t know how to do it).

This is the first preparation.

Step2

WARNING!
To remove parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.

The first thing you must do is Reveal All Hidden Files and Folders.

  • Do not skip this. Office 365 Ransomware may have hidden some of its files.

Hold the Start Key and R – copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IP entries at the bottom of the file.

If there are suspicious IPs below “Localhost” – write to us in the comments.

Type msconfig in the search field and hit Enter. A window will pop up.

Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even add a fake Manufacturer name to its process. Make sure every process listed here is legitimate.
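Because a publisher name can be faked, it helps to compare it with the file's digital signature. The following is an added example, not part of the original guide; the helper name `Resolve-StartupExecutable` is hypothetical, and the path extraction only handles commands that point at an `.exe`.

```powershell
# Added example: for each startup entry, show the CompanyName string stored
# in the file (which whoever built the file can set to anything) next to
# its Authenticode signature status.
function Resolve-StartupExecutable {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    # Quoted form:   "C:\path with spaces\app.exe" /arg
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted form: C:\path\app.exe /arg
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null   # shortcuts, scripts and other non-.exe entries
}

Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    $path  = Resolve-StartupExecutable -Command $_.Command
    $found = $path -and (Test-Path -LiteralPath $path -PathType Leaf)
    $sig   = if ($found) { Get-AuthenticodeSignature -LiteralPath $path } else { $null }
    [pscustomobject]@{
        Name      = $_.Name
        Location  = $_.Location
        Path      = $path
        Company   = if ($found) { (Get-Item -LiteralPath $path).VersionInfo.CompanyName } else { '' }
        Signature = if ($sig) { $sig.Status } else { 'Unresolved' }
        Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
} | Sort-Object Signature | Format-List
```

An entry whose Company field names a well-known vendor while Signature is `NotSigned` or `Unresolved` deserves a closer look before you decide whether to uncheck it.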

Step3

Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask us in the comments.

WARNING! READ CAREFULLY BEFORE PROCEEDING!

This is the most important and difficult part. If you delete the wrong file, it may damage your system irreversibly. If you cannot do this, download SpyHunter - a professional parasite scanner and remover.

Right click on each of the virus processes separately and select Open File Location. End the process after you open the folder, then delete the directories you were sent to.

Step4

Type Regedit in the Windows search field and press Enter. Once inside, press CTRL and F together and type the virus’s name.

Search for the ransomware in your registries and delete the entries. Be extremely careful – you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. In the other folders, just check for anything recently added. Remember to leave us a comment if you run into any trouble!
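Checking the five folders above for recently added files is easier with a listing sorted by date. This is an added example, not part of the original guide; the function name `Get-RecentFile`, the 7-day window and the search depth of 2 are assumptions to adjust.

```powershell
# Added example: list files created or modified recently under the
# folders named in Step 4, including hidden ones (-Force).
$days   = 7   # assumed look-back window; set it to when the symptoms began
$cutoff = (Get-Date).AddDays(-$days)
$roots  = $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:windir, $env:TEMP

function Get-RecentFile {
    param(
        [string[]]$Path,
        [datetime]$Since,
        [int]$Depth = 2   # assumed depth; deeper searches of %WinDir% are slow
    )
    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # Access-denied folders are skipped silently instead of stopping the scan.
        Get-ChildItem -LiteralPath $root -File -Recurse -Depth $Depth -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.CreationTime -ge $Since -or $_.LastWriteTime -ge $Since } |
            Select-Object FullName, Length, CreationTime, LastWriteTime
    }
}

Get-RecentFile -Path $roots -Since $cutoff |
    Sort-Object CreationTime -Descending |
    Format-Table -AutoSize
```

%Temp% normally sits inside %LocalAppData%, so some files appear twice in the output. The listing only shows candidates; nothing is deleted.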

Step5 

How to remove Office 365 Ransomware by using Windows restore

Please note that Windows restore will not be able to recover your files, but it may be able to remove the ransomware virus. 

For this you have to use the system backup. Search for Backup and Restore in the Windows search field, then choose “Select another backup to restore files from”.

It is possible to restore your files by using a backup copy created before the encryption

Make sure you remove the virus before you attempt recovery – removable drives may become infected otherwise. If you are using a cloud backup service, disable regular backups so as not to replace your original files.

When you are certain your computer is ransomware-free, restore your files from the backup as usual.

If you have no backups, your option is Recuva

Go to the official site for Recuva and download its free version. When you start the program, select the file types you want to recover. You probably want all files. Next select the location. You probably also want Recuva to scan all locations.

Click on the box to enable Deep Scan. It may take a really long time for the program to finish, so be patient.

You will now get a list of files to pick from. Select all relevant files you need and click Recover.
