The Cerber ransomware has evolved rapidly since it first appeared; it is considered one of the greatest successes of the ransomware-as-a-service (RaaS) model.
Cerber 4.0 was released in the wild a few weeks after version 3.0. It encrypts files and appends a randomly generated file extension, whereas the previously used extensions were .cerber3, .cerber2 and .cerber.
The newest variant has shifted from an HTML ransom note to an HTA one.
The experts noticed that Cerber 4.0 has recently been dropped mainly by the RIG toolkit, which is also the most active exploit kit in this period.
“As we reported previously, Cerber has become one of the most prominent ransomware families of 2016. It has a wide range of capabilities and is often bought and sold as a service (ransomware-as-a-service or RaaS)—even earlier versions were peddled as RaaS in underground markets. The rapid release of Cerber updates have made it an increasingly popular payload for several exploit kits.” reported Trend Micro.
The experts also noticed another malvertising campaign dropping Cerber 4.0 via the Magnitude exploit kit. The campaign has been seen targeting devices in numerous Asian countries, including Taiwan, Korea, Hong Kong, Singapore, and China.
The experts noticed many other campaigns leveraging Cerber 4.0, including one that usually employs a casino-themed fake advertisement.
Another campaign, started on October 3, is leveraging the Neutrino exploit kit to target users in the US, Germany, Spain, Taiwan, and Korea.
“Malvertising and exploit kits in general are being developed and improved constantly by cybercriminals, so keeping software updated with the latest security patches is critical for users and enterprises. This includes both the operating system and all applications being used. Make sure there is a security system in place that can proactively provide a comprehensive defense against attackers targeting new vulnerabilities,” Trend Micro researchers note.
(Security Affairs – Cerber 4.0, ransomware)