
Cerber Ransomware Now Hunts for Databases

Cerber is one of the most popular ransomware families, and it has now been upgraded to target databases. It is available for purchase as a service (ransomware as a service) on the “dark net” as part of an affiliate program. Cerber is part of a turnkey service in which customers share 40% of their profits with the developers. In turn, the Cerber team does all the work on the back end to make it simple for their affiliates to spread the malware and receive payments from victims, minus the overhead costs.
This update is significant. It expands Cerber's reach from targeting only consumers to targeting businesses as well. This is the newest trend among the top ransomware families. Attackers have recognized that though consumers may pay ₹20317–₹33862 for their data. As most criminals do, they seek the money.


Three changes  

The latest version of Cerber has made three major changes. First, the malware now changes the extensions of encrypted files to four random characters. Earlier it changed the extension of altered files to .cerber3. This adjustment makes it more challenging to scan for affected files. Second, a new HTML executable file displays the ransom note and instructions in a window. It is cleaner, provides links, and is more professional looking. This may give victims more assurance that they are dealing with professionals and should expect to receive a key to unlock their files if they pay.

Finally, and most important, the malware now tries to stop database processes operating on the target system so it can encrypt the data. This is a significant change in focus from consumers to businesses, which typically run databases containing important operational data. When database files are open and in use by software, they cannot easily be encrypted. Cerber tries to close the database software so the files can be encrypted.


Big business 

Security experts believe Cerber is based in Russia because it avoids systems configured in the Russian language. But it has the rest of the world to target, and it does well. Estimates vary, but profits appear to range from ₹67674950 to ₹169187375 per year. In August, Check Point Software and IntSights tracked 161 active attacks, with eight new ones launched every day. In July, they tracked 140,000 new system infections, with an average extortion demand of one Bitcoin.

Cerber developers are accelerating the next evolution of ransomware by going after database files. Admins, watch your database processes for unexpected stops. It might be evidence of Cerber ransomware trying to threaten file integrity. But that would be the wrong time to start thinking about establishing good backups and implementing good security habits.
The best strategic cybersecurity capability process includes elements to Predict, Prevent, Detect, and Respond to risks. This is essential for protection against ransomware. A reliable data backup/restoration capability is necessary, as is quality antimalware to block attacks. Behavioral checks to educate users will overcome the biggest infection vector: people opening infected phishing emails. Rapid detection and sensors must be present to quickly raise the alarm for variants that cannot be stopped. Recovery teams with clear processes, tools, and backups must get things back to normal. Defeating ransomware is not an easy task, but the first step is to have a comprehensive plan, resources, and support. Cerber and others will continue to evolve. Therefore, your security must be just as active.
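
One way to act on the advice to watch database processes for unexpected stops, shown as an added example that is not part of the original article: correlate a database process stop with a burst of renames to unrecognised four-character extensions on the same host. The process watch list, the extension allowlist, the event tuple format and the sample events are all assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed watch list of database process names (not taken from the article).
DB_PROCESSES = {"sqlservr.exe", "mysqld.exe", "oracle.exe"}
# Assumed allowlist of legitimate four-character extensions.
KNOWN_EXT = {"docx", "xlsx", "pptx", "jpeg", "html", "json", "tiff"}
FOUR_CHAR = re.compile(r"\.([a-z0-9]{4})$", re.IGNORECASE)

# Constructed sample events: (ISO time, host, kind, detail).
SAMPLE_EVENTS = [
    ("2024-01-01T09:00:00", "db01", "proc_stop", "sqlservr.exe"),
    ("2024-01-01T09:00:20", "db01", "rename", r"D:\data\sales.b3f9"),
    ("2024-01-01T09:00:21", "db01", "rename", r"D:\data\sales_log.b3f9"),
    ("2024-01-01T09:00:25", "db01", "rename", r"D:\docs\plan.docx"),
    ("2024-01-01T09:00:40", "db01", "rename", r"D:\data\hr.k2p7"),
    ("2024-01-01T10:00:00", "db02", "proc_stop", "mysqld.exe"),   # planned restart
    ("2024-01-01T10:05:00", "ws03", "rename", r"C:\tmp\a.q9z1"),  # no database stop
]


def is_suspicious_ext(path):
    """True when the name ends in an unrecognised four-character extension."""
    m = FOUR_CHAR.search(path)
    return bool(m) and m.group(1).lower() not in KNOWN_EXT


def correlate(events, window_s=300, min_renames=3):
    """Flag database stops followed, on the same host and within window_s
    seconds, by at least min_renames renames to unknown 4-char extensions."""
    parsed = sorted((datetime.fromisoformat(t), h, k, d) for t, h, k, d in events)
    alerts = []
    for ts, host, kind, detail in parsed:
        if kind != "proc_stop" or detail.lower() not in DB_PROCESSES:
            continue
        end = ts + timedelta(seconds=window_s)
        hits = [d for t2, h2, k2, d in parsed
                if h2 == host and k2 == "rename" and ts <= t2 <= end
                and is_suspicious_ext(d)]
        if len(hits) >= min_renames:
            alerts.append((host, detail, ts.isoformat(), len(hits)))
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print("ALERT", alert)
```

Requiring both signals keeps a planned database restart or a single oddly named file from raising an alert; tune the window, threshold and allowlist to the environment.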

Video credit:  http://www.securityspyware.com/cerber-ransomware-virus-removal-decrypt-random-extension/
Interested in more?  Follow me on Twitter (@Shivam_Gosavi) to hear insights and what is going on in cybersecurity.
