Cerber Ransomware Hits Victims.
#1
Fresh Outbreaks of Cerber Ransomware Hits Victims
Cerber offered as Ransomware-as-a-Service is making victims

There’s a new outbreak of Cerber ransomware, security experts warn. What makes this one particularly nasty is that it was offered as a form of Ransomware-as-a-Service (RaaS), which means affiliates can join in order to distribute the malware, while the developers of Cerber earn a commission from each ransom paid by victims.

Security firm Cyren notes that the new outbreaks are being distributed using variants of Nemucod, which is one of the most popular malware distribution tools.

The attack is based on email messages featuring zipped JavaScript attachments. The filenames all have a pretty similar name, starting with “DOC,” followed by a ten-digit string and ending with “-PDF”. The file, however, is none of these files, but a JavaScript attachment that will bring you a lot of trouble.

“Following more detailed analysis of the JavaScript attachment, we identified 2 major variants of Nemucod malware, each variant comprising hundreds of samples that all connected to a single distribution site hosting the ransomware. The two major variants are detected by Cyren as JS/Nemucod.GE!Eldorado and JS/Nemucod.ED1!Eldorado,” reads Cyren’s blog post.

Two variants, same goal

The JS/Nemucod.GE!Eldorado variant was first noticed late last year. The malicious code is hidden among random garbage code and it’s not hidden by any encryption. The malware code is really just a few lines that indicate the purpose of it all is to download a file and execute it. The file, titled “cer.jpg” hints about the payload. Once downloaded, the .jpg extension is replaced with .exe, allowing the ransomware to go wild on your computer.

The second variant, JS/Nemucod.ED1!Eldorado, is hidden a little better among the garbage code. While the code is a bit longer, the behavior is the same and it even tries to download the same payload on the same site.

Once activated, Cerber encrypts a wide range of document and image files and places the ransomware file in each folder. The worst part about it is there’s no free decrypter for Cerber, so no way to get out of it without paying unless you give up on your files. That being said, please stop downloading all the files you get over email if it’s from an unfamiliar source.

A few weeks ago, Microsoft was very proud of Windows 10 for being able to stop malware such as Cerber from infecting people's computers.

Source: http://news.softpedia.com/news/fresh-out...2890.shtml
Reply
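A mail-gateway style check for the two indicators the post above describes (the zipped script with the "DOC" + ten digits + "-PDF" name, and an executable payload named like "cer.jpg"), as an added example that is not part of the original post or of Cyren's analysis. It assumes the name stem has no separators beyond those quoted, and the extension lists and function names are illustrative choices.

```python
import io
import re
import zipfile

# Assumption: the stem is exactly "DOC" + ten digits + "-PDF", nothing in between.
LURE_STEM = re.compile(r"DOC\d{10}-PDF", re.IGNORECASE)
# Script types Windows Script Host runs on double-click (illustrative blocklist).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}


def split_name(name):
    """Return (stem, lowercased extension) of the last path component."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    return (stem, "." + ext.lower()) if dot else (base, "")


def scan_zip_attachment(data):
    """Return (member, reason) findings for a zipped mail attachment."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # Unparseable archives are reported, not silently passed.
        return [("<archive>", "unreadable-zip")]
    findings = []
    with archive:
        for info in archive.infolist():
            stem, ext = split_name(info.filename)
            if info.is_dir() or ext not in SCRIPT_EXTS:
                continue
            lure = LURE_STEM.fullmatch(stem)
            findings.append((info.filename,
                             "lure-name-script" if lure else "script-in-zip"))
    return findings


def is_disguised_executable(filename, head):
    """True when an image-named file starts with the DOS/PE 'MZ' magic."""
    _, ext = split_name(filename)
    return ext in IMAGE_EXTS and head[:2] == b"MZ"


def build_sample_zip(names):
    """Constructed sample: a harmless zip whose members hold placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n in names:
            z.writestr(n, "// constructed placeholder, not malware\n")
    return buf.getvalue()
```

Any script inside a zipped attachment is reported, so a campaign that changes the naming scheme still produces a finding; the lure-name match only raises confidence.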
#2
This is one of the most risky ransomware. Within seconds you lose all your data (encrypted). Till now no solution.

You must have a backup for your data
Reply
#3
I think there are two good options available to protect the system from any type of security breach.
  • Macrium Reflect - creating different timelines to go back and forth.
  • Rollback Rx - creating snapshots to restore your system, whenever you want.
Reply

