Good day,

All file extension in this HDD had converted to .ba91 when the user tried to open up a .cab file that he downloaded from email.

I tried Google it, find nothing about .ba91. Is there a way for me to know whether this is a computer virus or ransomware?
Thanks

in case of ransomware there should be a ransom note (readme or something like this) text or htm file in each folder. most likely a ransomware.

_________________
Data Recovery Pakistan

Have you tried the obvious? Rename a sample from the photos to .jpg or documents to .docx etc

....10 random characters and a random 4 character extension ....

is CERBER V4

Hi guys,

Yea it is ransomware. We found README.hta in every sub-folder.

Hi Spildit,
What can we see from hex editor? Sorry, this is the first time I receive ba91 file don't really know how to deal with it.

"The extension ba91 is not allowed." received this message when I tried to attach a sample file here

Thanks

Hi colanco, I noticed Trend Micro has the decryptor but do you think it works for Cerber v4 (it mentioned Cerber V1 on the website)

Is there any other way to decrypt the files other than paying for ransom (did anyone even get it decrypted after paying the ransom, I wonder) ..?

Gosh, this is so malicious..

It is Cerber 4 and unfortunately there is no way to decrypt

_________________
http://www.northwind.gr
SandForce SSD Recovery
Ransomware Reverse Engineering - NoMoreRansom! partners

OK.
Thanks northwind.