
Cerber Ransomware Encrypts Files, Kills Database Process Servers

October 9th, 2016 | Uzair Amir | Security, Malware

You may know Cerberus, often called the “hound of Hades”, as a monstrous multi-headed dog, but in this case Cerber is a nasty piece of ransomware that locks files and makes it hard for victims to recover their data.


Lately, we have been hearing a lot about the Cerber ransomware, which so far has proven to be this year’s most prevalent ransomware family. Reportedly, Cerber accounted for over one-quarter of total ransomware detections in the past three months and has generated $2.3 million in annual revenue.

Now, we hear that this particular ransomware has become even more powerful, with improved key generation introduced back in August and the capability of using random extensions for encrypted documents. Most devastating of all, the latest version of Cerber ransomware can kill database servers’ processes. It is called Cerber 3.0, and the extension it uses for encrypted documents is .cerber3.


Bleeping Computer reports that the ransomware can kill many database processes through the close process directive present in its configuration file. The ransomware terminates all or some of these processes before it starts encrypting data. This way it can also encrypt the processes’ data files, which would not be available for encryption while the processes were active and holding them open.

Previously, Cerber was distributed via exploit kits, malware scams and spam emails. Since September, researchers have noticed a change in its distribution: it is now being distributed by Betabot. In the latest version, the ransom amount has been reduced and the ransom note has been modified, but victims are still contacted via an audio file.

Cerber 3.0 now uses a randomly generated four-character extension, and the encrypted file’s name is also scrambled, making data recovery really difficult if not impossible. The ransom note is named README.hta.


The list of the processes targeted by Cerber 3.0 is as follows:

“msftesql.exe, sqlagent.exe, sqlbrowser.exe, sqlservr.exe, sqlwriter.exe, oracle.exe, ocssd.exe, dbsnmp.exe, synctime.exe, mydesktopqos.exe, agntsvc.exeisqlplussvc.exe, xfssvccon.exe, mydesktopservice.exe, ocautoupds.exe, agntsvc.exeagntsvc.exe, agntsvc.exeencsvc.exe, firefoxconfig.exe, tbirdconfig.exe, ocomm.exe, mysqld.exe, mysqld-nt.exe, mysqld-opt.exe, dbeng50.exe, and sqbcoreservice.exe.”

#Cerber #Ransomware mixing things up? Seeing “README.hta” (goes to legit Cerber page), with random 4char ext, e.g. “.98a0”, “.a37b”, “.a563” pic.twitter.com/5qJMkHbCLL

— Michael Gillespie (@demonslay335) October 2, 2016


Readme.hta File of Cerber Ransomware / Image Source: Twitter

Similar to its previous versions, the new Cerber ransomware version also sends UDP packets to the 31.184.234.0/23 range.
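For defenders, the behaviours described in this article (database processes stopped shortly before encryption, files created with a random four-character extension, a README.hta note, and UDP traffic to the 31.184.234.0/23 range) can be correlated per host. The following is an added example, not code from the article or from Bleeping Computer; the event format, field names, thresholds and the assumption that the extension is hexadecimal are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Single-name entries from the process list quoted in the article.
DB_PROCESSES = {
    "msftesql.exe", "sqlagent.exe", "sqlbrowser.exe", "sqlservr.exe",
    "sqlwriter.exe", "oracle.exe", "ocssd.exe", "dbsnmp.exe", "mysqld.exe",
    "mysqld-nt.exe", "mysqld-opt.exe", "dbeng50.exe", "sqbcoreservice.exe",
}
UDP_RANGE = ipaddress.ip_network("31.184.234.0/23")  # range named in the article
RANDOM_EXT = re.compile(r"\.[0-9a-f]{4}$")  # assumption: hex, like ".98a0" / ".a37b"
WINDOW, MIN_KILLS, MIN_INDICATORS = 60, 3, 2  # assumed thresholds (seconds, counts)

def triage(events):
    """Return {host: sorted indicators} for hosts with >= MIN_INDICATORS distinct hits."""
    kills, hits = defaultdict(list), defaultdict(set)
    for ev in sorted(events, key=lambda e: e["ts"]):
        host = ev["host"]
        if ev["type"] == "proc_exit" and ev["name"].lower() in DB_PROCESSES:
            kills[host].append((ev["ts"], ev["name"].lower()))
            recent = {n for t, n in kills[host] if ev["ts"] - t <= WINDOW}
            if len(recent) >= MIN_KILLS:  # several distinct DB processes stopped together
                hits[host].add("db_process_burst")
        elif ev["type"] == "file_create":
            name = ev["path"].rsplit("\\", 1)[-1].lower()
            if name == "readme.hta":
                hits[host].add("ransom_note")
            elif RANDOM_EXT.search(name):
                hits[host].add("random_4char_ext")
        elif ev["type"] == "udp" and ipaddress.ip_address(ev["dst"]) in UDP_RANGE:
            hits[host].add("udp_to_cerber_range")
    return {h: sorted(i) for h, i in hits.items() if len(i) >= MIN_INDICATORS}

# Constructed sample telemetry (not real logs): db01 shows the full pattern,
# db02 shows a lone service restart that must not be flagged.
SAMPLE = [
    {"ts": 100, "host": "db01", "type": "proc_exit", "name": "sqlservr.exe"},
    {"ts": 101, "host": "db01", "type": "proc_exit", "name": "sqlwriter.exe"},
    {"ts": 103, "host": "db01", "type": "proc_exit", "name": "mysqld.exe"},
    {"ts": 110, "host": "db01", "type": "udp", "dst": "31.184.235.17"},
    {"ts": 140, "host": "db01", "type": "file_create", "path": "C:\\data\\Qx7_pL0aZk.a37b"},
    {"ts": 141, "host": "db01", "type": "file_create", "path": "C:\\data\\README.hta"},
    {"ts": 500, "host": "db02", "type": "proc_exit", "name": "sqlservr.exe"},
    {"ts": 900, "host": "db02", "type": "udp", "dst": "192.0.2.10"},
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Requiring at least two distinct indicators keeps a routine database service restart, or a single file that happens to end in four hex characters, from raising an alert on its own.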
