We have tracked three malvertising campaigns and one compromised site campaign using Cerber ransomware after version 4.0 (detected as as Ransom_CERBER.DLGE) was released a month after version 3.0. More details of this latest iteration of Cerber are listed in a ransomware advertisement provided by security researcher Kafeine.
Read MoreCerber has become one of the most notorious and popular ransomware families in 2016. It has used a wide variety of tactics including leveraging cloud platforms and Windows Scripting and adding non-ransomware behavior such as distributed denial-of-service attacks to its arsenal. One reason for this popularity may be because it is frequently bought and sold as a service (ransomware-as-a-service, or RaaS).
The latest version of Cerber had functions found in earlier versions like the use of voice mechanism as part of its social engineering tactics. Similar to previous variants, Cerber 3.0 is dropped by the Magnitude and Rig exploit kits.
Read MoreUsers may wrongly perceive that apps and programs running in the cloud are fail-safe, when it has been increasingly used as a vector to host and deliver malware. Conversely, by targeting cloud-based productivity platforms utilized by many enterprises, the malefactors are hoping to victimize users who handle sensitive corporate data that when denied access to can mean serious repercussions for their business operations.
Read MoreThink about this, all your important files on the system are encrypted by no less than ransomware. Soon after, you receive ransom notes, one of which reads out the message and informs you that your files are held for ransom unless you pay the sum money.
Read MoreNecurs, a botnet malware that’s been around since 2012, has been improved with the hopes of better defeating cybersecurity measures — it was seen to evolve its second layer of infection using a .URL file (with remote script downloaders detected by Trend Micro as MAL_CERBER-JS03D, MAL_NEMUCOD-JS21B, VBS_SCARAB.SMJS02, and MAL_SCARAB-VBS30.
Necurs, a modular malware with variants that are capable of spam distribution, information theft, and disabling security services and elements, has been in around since 2012, propagating in the wild via the Necurs botnet.
Read More