Fueled by Dridex Botnets, Cerber Ransomware is on the rise

Since the start of April, researchers at the security company FireEye have observed a surge in Cerber ransomware attacks. They noted that the ransomware was being delivered through a flood of spam.

Taking a clue from earlier attacks of this kind, the researchers concluded that the authors of the Cerber ransomware have been using the Dridex botnets. By adopting the proven distribution capabilities of Dridex, the financial capabilities of Cerber have increased manifold as a result.

Cerber Ransomware on the rise

Although it has a short shelf life, Dridex has made its name among cyber security agencies for its ability to steal sensitive financial credentials. Malware campaigns boosted by the Dridex botnets send millions of messages every day, making it impossible for security agencies to check their spread.

Looking at the history of Cerber, it is safe to say that this malware has gained unprecedented importance. Ever since it first came to the fore in February, Cerber has gained worldwide notoriety.

After penetrating through an unpatched flaw in Adobe Flash Player (a flaw that Adobe later fixed with an update), Cerber would speak to the victim in a bid to collect the ransom.

Thus, as is evident from the discussion above, Cerber made use of exploit kits that targeted Flash Player.

These exploit kits, named Nuclear and Magnitude, were both involved in spreading the ransomware back in February. As a result, Cerber penetrated the protective layers of Windows 10 and earlier versions of Windows.

Looking at its most recent campaign, it is safe to say that Cerber has grown in stature this time around. By partnering with Dridex, a spam distributor already known for the damage it causes, the makers of Cerber have tried to fortify their foothold.

Now the question arises: why is Dridex so deadly? The answer, as consumers and businesses alike have experienced, lies in its theft of financial credentials.

Its main means of distribution is the Dridex botnets. These botnets have been involved in myriad spam campaigns ever since they first surfaced in early February.

Cerber uses the same lure: a spam email that arrives in the form of an invoice. Once the user clicks on the invoice, the ransomware spreads through the system by getting macros enabled. Once these macros are enabled, they download and install a VBScript.

Afterwards, the VBScript manipulates itself to avoid detection and to resist reverse engineering, so that the junk code that has been injected into it cannot be detected. From then on, the onus is on Cerber, which checks whether an Internet connection is available.

Provided that the system is connected to the Internet, the last piece of the Cerber jigsaw is delivered. In addition to fetching the final part of the Cerber ransomware, the VBScript also uses the Internet connection to retrieve a JPEG file.
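The chain described above (an invoice document, a macro, and then a Windows script host fetching the final payload) leaves a recognizable parent/child trace in process-creation logs. The following is an added example, not code from the article or from FireEye: it parses a constructed, simplified log format (the `host=`/`parent=`/`image=`/`cmd=` fields are assumptions) and flags any event in which an Office application launched `wscript.exe` or `cscript.exe`, the hosts that run VBScript.

```python
"""Flag the Office-macro -> script-host hand-off in process-creation logs.

Added example. The log format below is constructed for illustration and does
not correspond to any particular product's output.
"""
import re
from collections import namedtuple

# Constructed sample events: one Word document spawning wscript.exe (the
# macro-to-VBScript step), one Outlook-spawned cscript.exe, and benign noise.
SAMPLE_EVENTS = """\
2016-04-12T09:14:02Z host=WS-017 parent=explorer.exe image=WINWORD.EXE cmd="WINWORD.EXE /n Invoice_4471.doc"
2016-04-12T09:14:09Z host=WS-017 parent=WINWORD.EXE image=wscript.exe cmd="wscript.exe //B C:\\Users\\bob\\AppData\\Local\\Temp\\inv.vbs"
2016-04-12T09:14:11Z host=WS-017 parent=wscript.exe image=wscript.exe cmd="wscript.exe //B C:\\Users\\bob\\AppData\\Local\\Temp\\inv.vbs"
2016-04-12T09:15:00Z host=WS-021 parent=explorer.exe image=EXCEL.EXE cmd="EXCEL.EXE budget.xlsx"
2016-04-12T09:15:30Z host=WS-021 parent=services.exe image=svchost.exe cmd="svchost.exe -k netsvcs"
2016-04-12T09:16:45Z host=WS-033 parent=OUTLOOK.EXE image=cscript.exe cmd="cscript.exe C:\\Temp\\a.vbs"
"""

# Office applications that a malicious attachment is typically opened in.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# The two Windows Script Host executables that run VBScript.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

EVENT_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) parent=(?P<parent>\S+) '
    r'image=(?P<image>\S+) cmd="(?P<cmd>.*)"$'
)

Event = namedtuple("Event", "ts host parent image cmd")


def parse_events(text):
    """Parse the constructed log format; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            events.append(Event(**m.groupdict()))
    return events


def find_macro_script_chains(events):
    """Return one alert per event where an Office app launched a script host.

    A script host re-spawning itself (as on WS-017 at 09:14:11) is not flagged
    on its own; the first hand-off from the Office parent is the signal.
    """
    alerts = []
    for ev in events:
        if ev.parent.lower() in OFFICE_PARENTS and ev.image.lower() in SCRIPT_HOSTS:
            alerts.append({
                "ts": ev.ts,
                "host": ev.host,
                "parent": ev.parent,
                "image": ev.image,
                "cmd": ev.cmd,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_macro_script_chains(parse_events(SAMPLE_EVENTS)):
        print(f"{alert['ts']} {alert['host']}: {alert['parent']} -> {alert['image']}  {alert['cmd']}")
```

Running the block on the constructed sample reports the two hosts where an Office process started a script host (WS-017 and WS-033) and ignores the benign Excel and svchost events.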

Beyond these similarities, there are many areas where Cerber mirrors Dridex. Using English as the language of communication, filling the spam email with an invoice, and playing a voice message on the victim's desktop are just a few of the things that suggest Cerber is simply a successor of Dridex in the field of malware.

Turning to the working mechanism of Cerber, it is important to note that despite its unusual method of penetrating the system, once it is running Cerber behaves like any traditional ransomware.

After targeting files such as Word documents, mailboxes, and game files, Cerber replaces their extension with ".cerber". By changing the extension, Cerber makes it impossible for the average computer user to find these files again.

Thus, whether you own a personal computer or want to protect your organization's systems from Cerber ransomware, I would suggest you make a backup of your files.

While it may seem difficult to keep a backup of all your files at once, my suggestion is to first back up the files that are most sensitive to you and your organization.

However, when creating a backup there are certain rules you ought to follow, otherwise the time you spend creating it will be wasted. First, don't create the backup while your computer is connected to the Internet. Second, after creating the backup on an external device, make sure that the device is disconnected from your computer immediately.
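A backup that is copied to an external drive and then unplugged only helps if the copy is actually intact, so it is worth checking the archive against a hash manifest before the drive is disconnected. The following is an added example, not part of the original post: it archives a directory into a `.tar.gz`, writes a SHA-256 manifest beside it, and re-reads the archive to confirm every file matches. The directory layout in `demo()` is constructed; the destination path stands in for the external drive.

```python
"""Create a backup archive and verify it before the external drive is unplugged.

Added example. File names, the manifest format and the destination path are
assumptions made for illustration.
"""
import hashlib
import os
import tarfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_of(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large mailboxes do not need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def create_backup(src_dir, dest_dir):
    """Archive src_dir into dest_dir and write a SHA-256 manifest next to it.

    Returns (archive_path, manifest_path). Only regular files are archived;
    paths inside the archive are relative to src_dir.
    """
    src_dir, dest_dir = Path(src_dir), Path(dest_dir)
    dest_dir.mkdir(parents=True, exist_ok=True)
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    archive = dest_dir / f"backup-{src_dir.name}-{stamp}.tar.gz"
    manifest = archive.with_name(archive.name + ".sha256")
    with tarfile.open(archive, "w:gz") as tar, open(manifest, "w") as mf:
        for path in sorted(p for p in src_dir.rglob("*") if p.is_file()):
            rel = path.relative_to(src_dir).as_posix()
            tar.add(path, arcname=rel)
            mf.write(f"{sha256_of(path)}  {rel}\n")
    return archive, manifest


def verify_backup(archive, manifest):
    """Re-read the archive and compare every member with the manifest.

    Returns (ok, problems), where problems lists members whose hash differs
    and manifest entries that are absent from the archive.
    """
    expected = {}
    with open(manifest) as mf:
        for line in mf:
            digest, rel = line.rstrip("\n").split("  ", 1)
            expected[rel] = digest
    mismatches, seen = [], set()
    with tarfile.open(archive, "r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            seen.add(member.name)
            actual = hashlib.sha256(tar.extractfile(member).read()).hexdigest()
            if expected.get(member.name) != actual:
                mismatches.append(member.name)
    missing = sorted(set(expected) - seen)
    return (not mismatches and not missing), mismatches + missing


def demo():
    """Run the round trip on a constructed directory tree inside a temp folder."""
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "important"
        (src / "contracts").mkdir(parents=True)
        (src / "contracts" / "lease.docx").write_bytes(b"lease text " * 100)
        (src / "mail.pst").write_bytes(os.urandom(4096))
        archive, manifest = create_backup(src, Path(tmp) / "external-drive")
        ok, problems = verify_backup(archive, manifest)
        # Tamper with the manifest to show that verification notices drift.
        manifest.write_text(manifest.read_text().replace("mail.pst", "mail.bak"))
        ok_after, problems_after = verify_backup(archive, manifest)
        return ok, problems, ok_after, sorted(problems_after)


if __name__ == "__main__":
    print(demo())
```

Only after `verify_backup` returns `ok == True` should the drive be unmounted and unplugged; a mismatch at this point means the copy, not the original, is the problem, and the backup should simply be redone while the source is still healthy.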

Finally, if you are caught in a Cerber ransomware attack, I would suggest you do not pay the ransom. Not only is there no guarantee that the hackers would give your files back, but giving them what they want would encourage them to attack more innocent victims.

If you have any questions, please ask below!