December 26, 2016
A new campaign distributing Cerber ransomware is spreading across the internet, and it is capable of infecting a large number of systems.
A team of security researchers at Heimdal Security has found that this ransomware could not only affect individual internet users but could also heavily damage enterprises. A member of the research team, Andra Zaharia, said it is “targeting companies’ databases to maximize profits from the ransom, so this is another reason to take additional precautions.”
The campaign primarily tries to exploit weaknesses in browsers such as Internet Explorer and Edge and in software such as Silverlight and Flash Player.
According to Hackread, “The campaign starts with infecting genuine websites through injecting malicious script, which is actually the Nemucod generic malware downloader. The script then redirects the traffic to a Cerber gateway called Pseudo Darkleech. It is a kind of malware infection that adds a strong clouding layer so that detection could be avoided. Nemucod is used in this campaign because it can easily run Cerber ransomware. Remember, Nemucod was recently used in another campaign in which hackers were using images on Facebook Messenger to drop Locky ransomware. However, it was first identified in December 2015 as a ‘Trojan downloader.’”
This campaign differs from other ransomware campaigns in that it involves several types of malware.
The cybercriminals aim to keep the infection resistant to antivirus products while it completes the encryption of the data on the computer. Once encryption is complete, the victim is asked to pay a ransom ranging from 1.24 BTC (bitcoins) to 2.48 BTC, equivalent to $1,068 to $2,136 at the latest BTC rates.
Cerber ransomware was discovered three months ago.
There is no way to keep oneself protected from the ransomware; just never download files from unknown emails, and always keep a backup of your data.
If you are a victim of this ransomware, contact ‘No More Ransom,’ an anti-ransomware portal that recovers encrypted data for free.