Cerber ransomware continues evolving, new features added
When the IT specialists first encountered Cerber, they did not have the idea what challenge they will have to face. Remembering the myth of Cerber dog, guarding the gates to the Underworld, this virus seems to justify its title. Besides being a ransomware which is able to lock valuable personal information, it has been improved to a state that it can literally address you. In addition to that, now it can connect the infected PC to a botnet used to send out Cerber ransomware.
In the beginning, the virus did not seem so terrifying. It looked like an ordinary ransomware which encrypts personal files. In order to retrieve them, it asked its victim to pay more than 500 dollars for Cerber Decryptor – a program which should decode encrypted files. Unfortunately, but Cerber has rapidly evolved into a full-fledged computer threat which now causes a headache not only to ordinary PC users but IT professionals as well. After encrypting the files and appending .cerber extension to every locked file, the ransomware threat now ruins essential registry keys and generates fake system alerts which restart the system by force. Moreover, after executing VBScript, it plays an audio file, which states that victim’s documents, photos, databases and other important files have been encrypted.
Speaking of the distribution of this horrifying threat, its transmission ways are also worth of attention. Cerber mainly infects its victims via an RTF word document which comes along with an email. At this point, we should not that hackers have mastered the technique used to convince users to open their malicious emails. Usually, they include alarming subjects such as “Your FedEx Delivery”, “Confirm your order”, “PayPal: Your Account Has Been Suspended” and “Your BestBuy order has been delivered.” One of the latest examples used to spread Cerber ransomware reads:
You received a voice mail: VOICE452-894-6472.wav
Caller-Id: 452-894-6472
Message- Id: J9G54T
This e-mail contains a voice message.
Download and extract the attachment to listen to the message.Sent by Microsoft Exchange Server
To sum up, it seems that Cerber virus has become a “pearl” among other ransomware threats which inflicts highly severe damage. What we, ordinary users, can do against this menace? The virus has reminded us that no one and nothing can be trusted on the Web, so keep in mind that any official-looking email should be regarded with cautiousness. Finally, arming yourself with latest versions of the anti-virus and other security programs might also come as effective protection.
Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.
