October 13, 2016
Trend Micro researchers have discovered an attack campaign that distributes Cerber 4.0 ransomware, the newest iteration of the malware.
The Cerber 4.0 Ransomware Is the Latest Version of the Popular Malware
The Cerber 4.0 ransomware was identified by Trend Micro in a series of attacks against various targets.
The discovered new version has changed the ransom note to the HTA extension instead of the original HTML version. And now instead of the “.cerber3” extension the victim files are renamed using random strings made with a generator that’s built-in in the ransomware code. According to the sources here are the newest additions to the Cerber code:
FUD Antivirus feature
Activity monitoring bypass
Evades detection of all anti spyware programs
Added new instructions in 13 languages and a new background image
Synchronization via the domain blockchain
Adds random extensions to the victim files
Updated encryption algorithm
New target file name extensions
Closes all running databases
Updated JS Loader
New TOR Onion domain
One of the campaigns that host the new versions of Cerber is known as PseudoDarkleech which mostly delivers various types of ransomware through hacked sites.
Two other malvertising advertising also spread the Cerber 4.0 ransomware. One of them uses the Magnitude exploit kit which has been used for previous versions of the ransomware.
Another campaign uses a casino-themed counterfeit ad that hosts the new payload as well. We are yet to see how far will the new Cerber code spread. It is very likely to spot other means of infection including spam email campaigns, so computer users should be extremely careful. If all of the new features are integrated in the Cerber 4.0 ransomware, then it would prove to be a really dangerous threat.
News Courtesy : http://bestsecuritysearch.com/cerber-4-0-ransomware-spotted/