What is Cerber?

Cerber is a ransomware-type malware that infiltrates systems and encrypts many file types, including .jpg, .doc, .raw, .avi and others. Cerber appends a .cerber extension (some variants use .cerber2 or .cerber3) to each encrypted file. Note that some variants instead add random file extensions, for example “.ba99”, “.98a0”, “.a37b” or “.a563”. Following successful infiltration, Cerber demands a ransom payment to decrypt these files. The ransom note states that payment must be made within the given time frame (seven days), otherwise the ransom amount will double. Some variants of this ransomware disclose their version, for example “Cerber Ransomware 4.1.5”, “Cerber Ransomware 4.1.6” or “Cerber Ransomware 5.0.0” (the latest variant demands a ransom of $499).

During encryption, Cerber creates three different files (#DECRYPT MY FILES#.txt, #DECRYPT MY FILES#.html and #DECRYPT MY FILES#.vbs) containing step-by-step payment instructions in each folder that holds encrypted files (newer variants use only one file, “_README_.hta”). The message within these files states that users can only decrypt their files using a decryptor developed by the cyber criminals (called ‘Cerber Decryptor’). The #DECRYPT MY FILES#.vbs file contains a VBScript which, when executed, plays the message “Your documents, databases and other important files have been encrypted!” through the computer speakers. To download the decryptor, a ransom payment of 1.24 Bitcoin (at time of research, equivalent to $546.72) is required. If the ransom is not paid within seven days, it doubles to 2.48 BTC. It is also stated that users can only pay using the Tor browser and by following the instructions on the indicated website. Unfortunately, at time of research, there were no tools capable of decrypting files affected by Cerber. Therefore, the only solution to this problem is to restore your system from a backup.
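As an added example (not from the original post), a small Python scanner that walks a directory tree for the file-system indicators described above: the ransom note filenames, the .cerber/.cerber2/.cerber3 extensions and, as a weaker signal, the random-looking extensions. The sample tree it builds is constructed for the demonstration, and modelling the random extensions as "four hex characters" is an assumption of this example.

```python
import os
import re
import tempfile
from pathlib import Path

# Indicators taken from the description above.
NOTE_NAMES = {"#DECRYPT MY FILES#.txt", "#DECRYPT MY FILES#.html",
              "#DECRYPT MY FILES#.vbs", "_README_.hta"}
CERBER_EXTS = {".cerber", ".cerber2", ".cerber3"}
# Weaker signal: the random-looking extensions such as ".ba99" or ".a37b".
# Modelling them as "four hex characters" is an assumption for this example.
RANDOM_EXT = re.compile(r"^\.[0-9a-f]{4}$")

def scan_tree(root):
    """Walk root; return {folder: {notes, renamed, suspect}} for folders with hits."""
    findings = {}
    for dirpath, _, filenames in os.walk(root):
        notes = sorted(n for n in filenames if n in NOTE_NAMES)
        renamed = sorted(f for f in filenames if Path(f).suffix.lower() in CERBER_EXTS)
        suspect = sorted(f for f in filenames if RANDOM_EXT.match(Path(f).suffix.lower()))
        if notes or renamed or suspect:
            findings[dirpath] = {"notes": notes, "renamed": renamed, "suspect": suspect}
    return findings

def verdict(findings):
    """'infected' when a ransom note sits beside renamed/suspect files in the same
    folder (Cerber drops its notes into every folder it encrypts), 'suspect' when
    only isolated indicators appear, otherwise 'clean'."""
    if any(f["notes"] and (f["renamed"] or f["suspect"]) for f in findings.values()):
        return "infected"
    return "suspect" if findings else "clean"

def build_sample(root):
    """Constructed sample tree for the demo (not real artefacts): one hit folder, one clean."""
    hit = Path(root) / "Documents"
    hit.mkdir()
    for name in ("budget.xlsx.cerber", "photo.jpg.ba99",
                 "#DECRYPT MY FILES#.txt", "_README_.hta"):
        (hit / name).write_text("placeholder")
    clean = Path(root) / "Music"
    clean.mkdir()
    (clean / "track.mp3").write_text("placeholder")

def demo():
    """Run the scanner over the constructed tree; returns (verdict, findings by folder name)."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        findings = scan_tree(tmp)
        return verdict(findings), {Path(k).name: v for k, v in findings.items()}
```

Calling demo() reports the constructed Documents folder as infected and says nothing about the clean Music folder; point scan_tree at a real root to triage a suspected machine or a file share.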

After encrypting files, Cerber ransomware also changes the desktop wallpaper.


Some practices to avoid this kind of attack:
1. A good #firewall (for example a FortiGate) to filter your traffic and monitor your email for unwanted attachments. Any firewall will do, but make sure it is running.
2. A good antivirus (SEP, Kaspersky, Malwarebytes, Avast) is the best tool to detect and stop ransomware in its tracks, unless a new version of the attack appears. Remember that every AV vendor learns from its network, so once this malware is reported by someone the AV company can respond.
3. A third-party email filter (a hosted email filtering solution) is the best way to keep your email clean in a business environment.
4. Remember that every website is a potential infection point. So if you want to keep your system clean, don’t browse (yeah, right). Just think before you click: is this a safe site?
5. Backup, backup, backup, and backup again. Most importantly, keep your data safe. There are more ways to back up your data than you think, free and paid (Acronis True Image is a great tool; Backup Exec and Veeam are great for businesses too).
6. Create a restore point; this will help you restore the last version of your data in case you become the victim of an attack.
Please do practice these! Otherwise #CerberRansomware will encrypt your data.

About Author

ICT Professional, Freelance Blogger
