Ransomware is a particularly nasty strain of malware that continues to pop up in unexpected forms. In the case of a new variant of called Cerber, it targets users of Microsoft Outlook using a zero-day vulnerability via phishing messages. To make matters worse, Cerber can also utilize DDoS attacks, which is a major cause for concern.
Distributed Denial of Service attacks utilize previously-infected “botnets” (networks of infected computers) to slam the targeted system with a ferocious amount of traffic. The legs of the targeted system eventually buckle, and the organization’s operations are crippled by downtime. Now that ransomware is using DDoS attacks, it becomes much riskier to ignore a ransomware warning. Plus, the infected computer is brought into the botnet and used to torture other poor souls who are unfortunate enough to get infected.
Cerber demands a ransom of 1.24 Bitcoins to unlock the ransomware. As of this time of writing, 1.24 Bitcoins are valued at approximately $718.
The intended victim receives an email containing the ransomware which, when activated, adds three files to the desktop of the victim’s computer. Each contains the same message; one is a simple TXT file, another is HTML, and the third is a Visual Basic Script that converts to an audio message. Their message reads: Attention! Attention! Attention! Your documents, photos, databases and other important files have been encrypted! To add insult to injury, this message will trigger every time you boot your computer.
The hackers make it quite easy for users to pay the ransom. The two files contain instructions to navigate to the Tor payment site, while also offering some inspirational advice: “What doesn’t kill me makes me stronger,” transcribed in Latin. In most cases, we recommend against paying the ransom, but sometimes it’s unavoidable; particularly if you don’t have a secure data backup. Still, there’s no guarantee that the hacker will ever release your files, and contributing funds will only further their goals to attack others like yourself.
There’s currently no known way to eliminate Cerber, which makes it crucial to protect your systems from infection. In particular, you should focus on security best practices and identify phishing scams, as this is the primary mode through which ransomware spreads. As the business owner, you need to ensure that your organization follows these practices, from the top-down.
- Users need to understand email security best practices. This includes being wary of unsolicited messages that contain attachments or suspicious links.
- All of your organization's mission-critical data should be backed up and stored in an isolated location. This way, even if your network becomes infected with ransomware, you can just restore the backup to avoid paying the hackers.
- Keep your systems updated with the latest versions of software solutions, and always keep your antivirus solution updated with the latest threat definitions. Malware designers are always trying to outpace security professionals, so stay one step ahead to help keep yourself secure.
For more information about cyber security and other best practices, reach out to Infradapt at 800.394.2301.