How to Identify Cerber Ransomware and Protect Yourself Against It

Ransomware threats are increasing day by day. They have crippled cyberspace, and their activity keeps growing. A newly confirmed ransomware has appeared on the web that encrypts users' files like any other ransomware, but with a twist: it uses the Text to Speech (TTS) feature to read out its threat. It calls itself Cerber ransomware.

Cerber ransomware homepage displaying the ransom message from the cyber criminals | CC: PC Risk

What you need to know about Cerber Ransomware

The first indications of attacks by this particular ransomware appeared in the previous month. The security company SenseCy named Cerber ransomware “the child of Russian coders.” They have teamed up to promote ransomware like Cerber in the form of Ransomware as a Service, or RaaS. Illegal platforms are being used to spread this ransomware within Russia.

RaaS is a new business model that benefits the malware operators. The service is a platform through which ready-coded ransomware is delivered to criminals, who circulate it through spam runs or spear-phishing. The criminals who actually code the malware charge a small percentage, which is taken when a victim pays a ransom.

Cerber ransomware demonstrates some distinct features. It has been spread over the web with the aim of not spreading in Russian-speaking countries. According to investigations by security teams, Cerber's code hints that it was written so that users within the Soviet nations will not be infected by it. Thus, Cerber is designed to infect only people residing in non-Russian-speaking countries. Prior to the file encryption, Cerber displays an error message that compels the user to reboot the PC in safe mode, and then to repeat the process in normal mode.

The ransomware then deceives the computer while it restarts in Safe Mode with Networking, and afterwards forcibly restarts the device. This is exactly when the file encryption process begins, using the AES encryption algorithm. The main issue currently faced with this ransomware is that the files it encrypts cannot be decrypted. Once the files on the victim's device have been encrypted, the malware places three files on the system. They carry the necessary information about the ransom amount to be paid, in three file formats: text, VBS, and HTML. This is done in each folder that contains encrypted data. When the VBS file is viewed, Cerber tells the victim to pay 1.24 Bitcoin to have the encrypted files retrieved. Any delay in payment results in the ransom amount being doubled with each passing week.

The most peculiar thing about Cerber is that the ransom message is read out loud to the victim. Although the malware comes from the underground malware forums of Russia, it is quite effective, and there is no way to have the files decrypted without paying the ransom being demanded. With each passing day, new things are coming to light about this threat, which has slowly started gripping the cyber world. Before commencing the file encryption, the ransomware first checks the country to which the victim's device belongs. It terminates its actions if the user resides in any of the twelve Soviet nations, including Russia, Armenia, Azerbaijan, Belarus, Kyrgyzstan, Kazakhstan, Moldova, Turkmenistan, Tajikistan, Ukraine, Uzbekistan and Georgia. In addition, the ransomware leaves a message that states, “That which does not kill me makes me stronger,” which is another unique thing about it. The VBScript makes the victim's device actually read out the message, which sets Cerber apart from other sophisticated ransomware.

The ransom note contains a link to a Tor-based website, which is the Decryptor of the Cerber ransomware. There the victim can find a step-by-step guide to paying the ransom in the Bitcoin cryptocurrency. The website carries additional warnings that the fee will double if the payment is not made within seven days. To save yourself from being a victim of this ransomware, consider restoring your files from a backup if you have one. With the web increasingly exposed to malware and other threats, it is crucial to have a backup of all your files.

As the ransomware is relatively new in cyberspace, it is being analyzed by several security agencies. Documents encrypted by this ransomware carry the extension .cerber. The ransomware is able to scan for and list unmapped Windows shares, and it encrypts the data within those shares. If the network setting in your configuration file is 1 by default, this ransomware will scan and encrypt all the network shares that are accessible through your network, even if they are not mapped to your device.
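
The on-disk indicators described above (documents carrying the .cerber extension, and ransom notes left as a text, a VBS and an HTML file in each affected folder) can be checked for with a short triage script. This is an added example, not code from the original article: the function names are hypothetical, the sample file names are constructed placeholders, and it assumes the three notes in a folder share one base name.

```python
import os
import tempfile
from collections import defaultdict
from pathlib import Path

ENCRYPTED_EXT = ".cerber"               # extension named in the article
NOTE_EXTS = {".txt", ".vbs", ".html"}   # the three note formats named in the article

def scan_tree(root):
    """Report folders under root that show the article's on-disk indicators."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted = 0
        by_stem = defaultdict(set)
        for name in files:
            path = Path(name)
            ext = path.suffix.lower()
            if ext == ENCRYPTED_EXT:
                encrypted += 1
            elif ext in NOTE_EXTS:
                by_stem[path.stem.lower()].add(ext)
        # Assumption: the three notes in a folder share one base name.
        note_sets = sorted(s for s, exts in by_stem.items() if exts == NOTE_EXTS)
        if not (encrypted or note_sets):
            continue
        # Both indicators together are a strong signal; one alone can be benign.
        level = "high" if encrypted and note_sets else "review"
        findings[os.path.relpath(dirpath, root)] = {
            "level": level, "encrypted": encrypted, "note_sets": note_sets}
    return findings

def build_sample_tree(root):
    """Constructed sample data: file names are placeholders, not real indicators."""
    layout = {
        "docs": ["a1b2c3.cerber", "d4e5f6.cerber", "NOTE_PLACEHOLDER.txt",
                 "NOTE_PLACEHOLDER.vbs", "NOTE_PLACEHOLDER.html"],
        "web": ["index.html", "index.txt", "readme.txt"],   # no .vbs: not a trio
        "scripts": ["job.vbs", "job.txt", "job.html"],      # trio, nothing encrypted
        "clean": ["report.docx"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            Path(root, folder, name).write_bytes(b"")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan_tree(tmp))
```

Run against a file server or backup source, a "high" folder is one to isolate and restore from backup; a "review" folder needs a manual look before any conclusion is drawn.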

Cerber ransomware encrypted files

Security experts recommend that system administrators tighten the security of their network shares. This is crucial because a growing number of ransomware strains are making use of this functionality in their designs. The decryptor of this ransomware is available in twelve different languages.

Extensions Targeted on Your PC by Cerber Ransomware

The picture below displays some of the file extensions that the Cerber ransomware criminals are targeting.

Cerber ransomware targeted file extensions on your PC. | CC: Techndustries LLC

The only way to remain safe from this dangerous ransomware is to avoid clicking on suspicious or malicious links, keep an updated antivirus solution on your systems, and maintain a regular backup of the crucial information that you do not want to lose from your device. This can save you from having to pay for the files encrypted by the ransomware. Using the best security services is the only way to combat the threat until cyber security experts come up with a decryptor by studying the strain. Prevention is always better than cure, and that applies to the increasing fragility that is common in cyberspace. With every ransomware getting stronger, it has become crucial for organizations and individuals to follow these preventative measures.

You will agree with me that ransomware attacks have become a global phenomenon, and this Cerber ransomware isn’t going to be the last of its kind. So, it is your responsibility to always stay abreast of any incoming attack against your workstation.




