July 13, 2016
Microsoft security researchers have uncovered that the constantly evolving Cerber ransomware has surpassed its predecessors CryptXXX and Locky to become the most detected ransomware in the past 30 days. The researchers also said that Cerber has taken over a "quarter of all ransomware infections".
"We started seeing Cerber in February 2016, and since then it has continuously evolved and is now one of the most encountered ransomware families – beating both Exxroute and Locky. The evolution is mostly based around the way in which Cerber is being distributed – with a focus on exploit kits, compromised websites, and email distribution," Microsoft malware researchers Carmen Liang and Patrick Estavillo said in a company blog.
The researchers said that while Cerber is especially widespread in the US, Western Europe and Asia, the ransomware has also been detected across the globe, including parts of Australia and Southern Africa. Cerber utilises several distribution methods to infect systems, including spam emails, malicious exploit kits and compromised websites. Microsoft said the Angler, Neutrino and Magnitude exploit kits have been identified as distributing the Cerber ransomware.
The ransomware has also undergone several updates, the latest of which, as noted on 8 July, involved hackers demanding ransom in the form of bitcoins. The ransom note gave the victims a period of five days within which to pay up, with the threat of the amount being doubled if victims refuse to comply. In June, security researchers had identified a strain of the ransomware that had evolved to morph every 15 seconds in an effort to evade detection by security defences.
Microsoft has advised users to remain on alert for scam emails and phishing scams, and to avoid clicking on malicious attachments or compromised sites. The July 2016 release of the Microsoft Malicious Software Removal Tool (MSRT) now also comes with Cerber ransomware detection support.