Blogs

Cerber Ransomware Talks to Its Victims

By David Balaban posted 06-08-2016 04:39

  

 

Cerber ransomware has been around since the end of winter 2016. It is one of the most lasting infections among the viruses that keep your data for hostage. The ransomware applies advanced encryption standard so that the files proper gets scrambled without a realistic chance to undo the decryption without the native decryption key. The key is only available from the servers controlled by the crooks. The IT security industry, however, applies effort to block the hackers’ servers. Sometimes they succeed to block all the hubs, and the ransomware makers give up releasing the decryption key to a wide public. That is not the case for the Cerber encryption, though.

The infection vector harnesses a number or schemes, the prevailing method being a spamming. The ransomware is actually available as a service. Anyone after going through quite a simple procedure can get a copy of the virus and start its propagation campaign. Therefore, the malware propagation employs a variety of approaches. If the target is a big business network, the hackers may even resort to a wardriving. The latter is a common IT term designating a direct attack on the local network. The attackers physically approach the network with their laptops and try to enter it via local network vulnerabilities.

This way or another, Cerber ransomware has managed to get installed on a great number of machines worldwide. It is to be noted, though, the infection abstains from executing its payload, if it detects the IP is located in certain regions, typically the Eastern Europe and Russia.  Meanwhile, the virus developers are known to be located somewhere in those lands. Perhaps, they have provided for the above exclusion as a precaution in hope the local cyber police would not prosecute them. Germany is the main target of Cerber now. Other countries suffer too but much less.

Once installed, the rogue scans for the files of all the common extensions. It is fair to say the virus covers virtually any data except the program and system files essential for system functioning. A peculiarity inherent in this release is that it speaks the ransom note to its victims, but the written edition of the note is available in multiple locations as well. The amount demanded in the message dropped by the ransomware is about 500 USD. The sum is to be paid in bitcoins and via specific TOR channel so that there is no risk for the hackers’ identity to be exposed.

The severity of the threat is high as it is hard to undo the damages caused. Nevertheless, some workarounds enable a satisfactory recovery, yet the removal of Cerber ransomware is a must.

 

0 comments
529 views