TheWindowsClub News

TheWindowsClub Tech News covers the latest Microsoft Windows 10 news, along with other products & services like Office, etc.

Cerber Ransomware emerging as a major threat

A study reveals, the Cerber ransomware attacks have been showing an upward trend continuously. The ransomware mainly exploits a security flaw that targets PCs running on Windows. When infected, the data on infected computers becomes encrypted with AES encryption and demands ransom in exchange for information.

Fireeye

Cerber Ransomware

Attackers these days are relying more on spam network for making the Dridex financial Trojan a serious threat. Cerber distribution method is mostly via exploit kits, with Magnitude and Nuclear Pack exploiting a zero-day in Adobe Flash Player (CVE-2016-1019). However, FireEye reports reveal something more important – It suggests Cerber is now part of a spam campaign linked to Dridex botnets.

Dridex is a financial Trojan that targets the acquisition of financial details of a user. Chief mode of distribution is Dridex botnets believed to be the force behind massive spam campaigns since February.

FireEye security analysts in a research blog writes:

“By partnering with the same spam distributor that has proven its capability by delivering Dridex on a large scale, Cerber is likely to become another serious email threat similar to Dridex and Locky”.

According to FireEye, Cerber ransomware follows the same spam framework as Dridex. How is this done? Emails are sent with an attachment disguised as an invoice. It is this invoice that features malicious VBScript. Once the user opens the document a process is initiated that injects the virus and avoids detection.

It, then targets email, Word documents, and other files appending encrypted files with the ‘.cerber’ file extension. Victims are prompted to visit various versions of the “decrypttozxybarc” domain.

If the threat of Cerber is not taken seriously it will emerge as a serious problem similar to Dridex and Locky ransomware. As such, it is better to follow old saying ‘Prevention is better than cure’. Users should be to be cautious when opening documents and other files from unknown senders.

UPDATE: Check Point has released a Cerber Ransomware Decrypter Tool.

Read: What to do after a Ransomware attack.

Updated on Tags:

HemantSaxena@TWCN

A post-graduate in Biotechnology, Hemant switched gears to writing about Microsoft technologies and has been a contributor to TheWindowsClub since then. When he is not working, you can usually find him out traveling to different places or indulging himself in binge-watching.

Share via
Facebook
X (Twitter)
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap