Cerber remains the No. 1 ransomware in the world
There is no denying that 2016 has been a year of ransomware[1], but it was an especially successful time for one particular parasite — the Cerber virus. The prevalence of Cerber has been growing steadily, and this malware managed to outrun a number of powerful competitors such as Locky and Osiris[2]. During its climb to the top, the virus has undergone a number of improvements and modifications without which it probably wouldn’t have made it this far. There are already around 10 different versions of this virus and most of them spread via spam emails and fake software updates[3]. None of these variants have been decrypted yet which only proves there is undoubtedly an experienced group of hackers working on this malicious project. Unfortunately, online security experts do not foresee any decrease in the Cerber’s activity this year either, so the hackers will only continue heaping the illegal profit they collect from the unsuspecting victims.
Cerber has always been a destructive and dangerous threat; nevertheless, the most recent modifications have brought it to a whole another level. Now, anyone can take part in its distribution as the authors have launched the so-called Ransomware-as-a-Service campaign[4] and allowed wannabe hackers to use the program’s source code in molding their own versions of Cerber ransomware. Ransomware builder is promoted on the anonymous TOR network and can be obtained through auction or by paying the hackers directly. Besides, this tool is fully customizable, so the users can select the type of files they want to encrypt, the amount of ransom and the virus distribution strategy. It is impossible to tell how many of such virus versions are currently roaming the web, but we can only presume that this number grows extensively.
Adding to the RaaS campaign, Cerber’s expansion has also been significantly boosted by the RIG exploit kit[5] which the ransomware creators have applied for the malware distribution. This technique allows the virus to locate and target specific software vulnerabilities and exploit them for the virus deployment on the computer. Thus, without any exception, outdated programs can draw this malware both, to the personal computers as well as corporate computer networks. Nevertheless, Cerber is labeled as the number one ransomware for a reason. We cannot escape the fact that it also infects even the best-kept computers. But we can escape the data loss by creating backup copies of our files. So, if you have not made a backup yet, don’t waste time and get started!
- ^ Olivia Morelli. The most dangerous viruses of 2016. 2-spyware. Latest malware news.
- ^ January 2017 in review: Cerber is still in the leading position. VirusActivity. Blog about the current virus activity.
- ^ Cerber ransomware becomes the main concern of security professionals. Esolutions. News from the IT world.
- ^ Taylor Armerding. Ransomware as a Service fuels explosive growth. Csoonline. Security news, features and analysis about prevention, protection and business innovation.
- ^ Tom Spring. Inside the RIG Exploit Kit. Threatpost. The first stop for security news.