Cerber Ransomware

Look who’s talking? It’s not John Travolta or Bruce Willis!

A new rendition of the Cerber ransomware comes with an interesting twist: It tells people that they have been infected – and that they need to pay up or lose their files forever.

That’s enough to make changing a dirty diaper – from the perspective of a fully conversational newborn – seem downright refreshing. The film Look Who’s Talking, with the baby voiced over by Bruce Willis and starring Kirstie Alley and John Travolta, had just that, and it came in a simpler time without ransomware.

But ransomware certainly is a big moneymaker now for criminals. Here are a few interesting yes, no, and maybe details about the Cerber ransomware:

Yes, it talks

One of the files that the ransomware creates on victims’ computers has a VBScript, which makes the computer play an automated female voice reciting “Your documents, photos, databases, and other important files have been encrypted.” The vocal angle is a new twist that you can (safely) listen to yourself at Bleepingcomputer.com.
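A defender can use that behaviour as a triage signal. The sketch below is an added example, not code from this article or from Avira: it flags VBScript files that create a speech object and speak ransom-note wording. It assumes the script uses the Windows SAPI.SpVoice COM object (the article does not name the mechanism), and the sample scripts are constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumption: VBScript text-to-speech on Windows goes through SAPI.SpVoice.
SPEECH_OBJECT = re.compile(r'CreateObject\s*\(\s*"SAPI\.SpVoice"\s*\)', re.I)
SPEAK_CALL = re.compile(r'\.Speak\s*\(?\s*"([^"]*)"', re.I)
RANSOM_WORDS = ("encrypted", "documents", "files")  # from the quoted message

def read_script(path):
    """Decode a .vbs file; Windows scripts are often UTF-16 with a BOM."""
    raw = Path(path).read_bytes()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8", errors="replace")

def classify(text):
    """Return 'ransom-note', 'speech-only' or 'clean' for one script body."""
    if not SPEECH_OBJECT.search(text):
        return "clean"
    spoken = " ".join(SPEAK_CALL.findall(text)).lower()
    hits = sum(word in spoken for word in RANSOM_WORDS)
    return "ransom-note" if hits >= 2 else "speech-only"

def scan(root):
    """Walk a directory tree and report every .vbs file that is not clean."""
    findings = {}
    for path in Path(root).rglob("*.vbs"):
        verdict = classify(read_script(path))
        if verdict != "clean":
            findings[path.name] = verdict
    return findings

# Constructed samples (not taken from a real infection).
NOTE = ('Set voice = CreateObject("SAPI.SpVoice")\n'
        'voice.Speak "Your documents, photos, databases, and other '
        'important files have been encrypted."\n')
GREETING = 'Set v = CreateObject("SAPI.SpVoice")\nv.Speak "Backup finished."\n'
ADMIN = 'WScript.Echo "Mapping network drives"\n'

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "note.vbs").write_bytes(NOTE.encode("utf-16"))
        Path(tmp, "greeting.vbs").write_text(GREETING, encoding="utf-8")
        Path(tmp, "admin.vbs").write_text(ADMIN, encoding="utf-8")
        return scan(tmp)

if __name__ == "__main__":
    print(demo())
```

A "speech-only" verdict is kept separate because legitimate scripts also use text-to-speech; only the combination with ransom wording is treated as a note.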

Yes, Cerber has a business plan

Cerber is RaaS – Ransomware as a Service. In a nutshell: One guy writes it, another one sends it, and they all share in the loot. Just call it service with a smile. Technically, to make this happen, the bad guys writing this ransomware have had to put it into a neat package that can easily be passed around and distributed. Expect to see a lot of this in the future.

Earlier renditions of Cerber could be decrypted without paying the ransom. With this latest version, Cerber ransomware can’t be decrypted anymore. The developers added a captcha to the decryption flow, which makes the decryption tool useless.

No, there is no single “silver bullet” detection

Ransomware is a tricky, ever-evolving threat. At its core, you usually have one developed program such as Cerber with new versions appearing from time to time. But around this core there are dozens of different cryptors which can vary a lot in their attempts to avoid detection. With the Avira Protection Cloud, ransomware is looked at from all sides: Our detection is on the hunt for the outer layers of packaging and also for the core malware within. One simple detection is just not enough.

Yes, you can protect yourself.

You need to take a combination of technical steps on the device side – and some behavioral changes on your own.

  1. Micromanage your macros – Enable only digitally signed Microsoft Office macros and disable the rest.
  2. Stay updated and patched – Software is especially vulnerable to zero-day threats – and the bad guys know that. That’s why they make exploit kits which scan computers for an array of weak points. Get a software updater in place.
  3. Get good AV software in place – AV can prevent ransomware from reaching your device. And if the bad guys are dissing Avira in their code, we must be doing something right.
  4. Back up your files, then disconnect the device – Back up your data at regular intervals, then disconnect the hard drive from your machine. While ransomware tactics evolve rapidly, so far the bad guys cannot encrypt what is not on a live connection.
  5. Be skeptical about everything – If an email looks odd – whether it is from a friend or a widow in distress – don’t open it or the attachments.


As a PR Consultant and journalist, Frink has covered IT security issues for a number of security software firms, as well as provided reviews and insight on the beer and automotive industries (but usually not at the same time). Otherwise, he’s known for making a great bowl of popcorn and extraordinary messes in a kitchen.