CERBER is a ransomware family that has seen its share of unusual features since its appearance early last year. From its use of audio warnings, to the targeting of cloud platforms and databases, to distribution via malvertising, emailed scripting files, and exploit kits, CERBER has always been willing to keep up with the times, as it were. One reason for its apparent popularity may be the fact that it is sold in the Russian underground, giving a wide variety of cybercriminals access to it.
However, we’ve started seeing CERBER variants (which we detect as RANSOM_CERBER.F117AK) add a new wrinkle to their behavior: they have gone out of their way to avoid encrypting security software. How did they do this?