October 13, 2016

Trend Micro researchers have discovered an attack campaign that distributes Cerber 4.0 ransomware, the newest iteration of the malware.
The Cerber 4.0 Ransomware Is the Latest Version of the Popular Malware

The Cerber 4.0 ransomware was identified by Trend Micro in a series of attacks against various targets.

The discovered new version has changed the ransom note to the HTA extension instead of the original HTML version. And now instead of the “.cerber3” extension the victim files are renamed using random strings made with a generator that’s built-in in the ransomware code. According to the sources here are the newest additions to the Cerber code:

    FUD Antivirus feature
    Activity monitoring bypass
    Evades detection of all anti spyware programs
    Always active
    Added new instructions in 13 languages and a new background image
    Synchronization via the domain blockchain
    Adds random extensions to the victim files
    Updated encryption algorithm
    New target file name extensions
    Closes all running databases
    Updated JS Loader
    New TOR Onion domain

One of the campaigns that host the new versions of Cerber is known as PseudoDarkleech which mostly delivers various types of ransomware through hacked sites.

Two other malvertising advertising also spread the Cerber 4.0 ransomware. One of them uses the Magnitude exploit kit which has been used for previous versions of the ransomware.

Another campaign uses a casino-themed counterfeit ad that hosts the new payload as well. We are yet to see how far will the new Cerber code spread. It is very likely to spot other means of infection including spam email campaigns, so computer users should be extremely careful. If all of the new features are integrated in the Cerber 4.0 ransomware, then it would prove to be a really dangerous threat.

News Courtesy : http://bestsecuritysearch.com/cerber-4-0-ransomware-spotted/