A fresh ransomware campaign is circulating on the web, spreading Cerber ransomware. The campaign is particularly dangerous because it is capable of infecting a large number of systems.
Andra Zaharia, a member of the Heimdal Security research team, states that this ransomware campaign affects not just individual internet users but also enterprises. The research further reveals that Cerber has started “targeting companies’ databases to maximize profits from the ransom, so this is another reason to take additional precautions.”
With this fresh campaign, cyber-criminals are essentially trying to exploit vulnerabilities in mainstream web browsers such as Internet Explorer and Edge, and in plug-ins such as Silverlight and Flash Player.
The campaign starts by compromising legitimate websites and injecting a malicious script, which is in fact the Nemucod generic malware downloader. The script then redirects traffic to a Cerber gateway called Pseudo Darkleech, an infection stage that adds a heavy obfuscation layer so that detection can be avoided. Nemucod is used in this campaign because it can easily run Cerber ransomware. Remember, Nemucod was recently used in another campaign in which hackers were using images on Facebook Messenger to drop Locky ransomware. However, it was first identified in December 2015 as a “Trojan downloader.”
What makes this campaign different from other ransomware campaigns is that this time cyber-criminals have combined several types of malware in a single attack. This is why researchers are referring to the campaign as a malware cocktail of sorts.
This cocktail includes Nemucod, DarkLeech and Cerber, and the sole purpose of using so many infections at once is to avoid detection by anti-virus software. The attackers’ aim is to make the infection persist until the encryption of the data on the victim’s computer is complete, at which point they can demand a ransom. When data encryption is complete, the victim is asked to pay a ransom ranging from 1.24 BTC (bitcoins) to 2.48 BTC, equivalent to $1,068 to $2,136 at the latest BTC rates.
On the other hand, Pseudo DarkLeech makes use of hidden iframe injections and randomizes elements to let the malware operate without being detected. Cerber, a professionally coded and sophisticated ransomware, was identified in March 2016 and offers customization options. Just like Locky ransomware, Cerber also uses the Dridex spam network. This means it can be “pushed out quickly in large spam campaigns,” states Zaharia.
Cerber ransomware was actually discovered about three months ago. The dangerous features of this ransomware include encrypting files and killing database server processes.
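The hidden iframe injection described above is something a site owner can check for on their own pages. The following is an added example, not code from the article or from Heimdal Security: it scans an HTML document and flags iframes that a visitor would never see (zero-sized, display:none, visibility:hidden, or positioned far off-screen). The sample page and the `gateway-placeholder.invalid` URLs are constructed for illustration, not real indicators.

```python
"""Flag iframes hidden from the viewer, the way injected redirects on a
compromised site typically are. Added example with constructed input."""
from html.parser import HTMLParser
import re

# Constructed sample page: one legitimate video embed, one zero-size injected
# frame and one frame pushed off-screen with inline CSS. Not a real site.
SAMPLE_HTML = """
<html><body>
<h1>Company news</h1>
<iframe src="https://video.example/embed/42" width="640" height="360"></iframe>
<div><iframe src="http://gateway-placeholder.invalid/a8f3" width="0" height="0"
     frameborder="0"></iframe></div>
<iframe src="http://gateway-placeholder.invalid/x1"
        style="position:absolute;left:-9999px;top:-9999px"></iframe>
</body></html>
"""

# Inline styles that make an element invisible or push it off the viewport.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}px",
    re.IGNORECASE,
)

def _is_hidden(attrs: dict) -> bool:
    """Heuristics for a frame no visitor would see on screen."""
    def dim(name):
        m = re.match(r"\s*(\d+)", attrs.get(name, ""))
        return int(m.group(1)) if m else None
    w, h = dim("width"), dim("height")
    if (w is not None and w <= 1) or (h is not None and h <= 1):
        return True
    return bool(HIDDEN_STYLE.search(attrs.get("style", "")))

class IframeAuditor(HTMLParser):
    """Collects the src of every iframe that looks hidden."""
    def __init__(self):
        super().__init__()
        self.suspicious = []
    def handle_starttag(self, tag, attrs):
        if tag.lower() != "iframe":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if _is_hidden(a):
            self.suspicious.append(a.get("src", ""))

def find_hidden_iframes(html: str) -> list:
    """Return the src attributes of all hidden iframes in the document."""
    auditor = IframeAuditor()
    auditor.feed(html)
    return auditor.suspicious

if __name__ == "__main__":
    for src in find_hidden_iframes(SAMPLE_HTML):
        print("hidden iframe ->", src)
```

Run it against a saved copy of a page; any hit pointing at a domain the site does not own deserves a closer look at the server for injected content.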
To keep yourself protected from this and other ransomware attacks, never download files from an unknown email and always keep a backup of your data. If you are already infected with ransomware, contact ‘No More Ransom,’ an anti-ransomware portal that recovers encrypted data for free. So far, the portal has helped 2500 ransomware victims, saving 1.3 million Euros.