Story image

What makes the Cerber ransomware so agile?

09 May 2017

The Cerber ransomware has been one of the most nimble, varied and dominant malware strains on the market — almost neck-and-neck with Locky.

A recent blog from Trend Micro analysed what makes the Cerber ransomware so fluid, and the answers may be more complex than first thought.

According to Trend Micro’s Smart Protection Network, the US takes the brunt of infections, but Japan accounts for 4.63%; Australia for 2.53%; and China for 1.1%.

The blog says that the ransomware variations are evading even machine learning techniques as it stays one step ahead of the security companies trying to catch them.

Cerber has been on the scene for just over a year and made its name by being sold by cybercriminals as ransomware-as-a-service. The creators earn as much as 40% for every ransom paid by the victim.

But the biggest issue is that creators are constantly modifying the ransomware to make it appeal to potential buyers. Trend Micro says that servers morphed the Cerber ransomware every 15 seconds.

Trend Micro explains that spam emails, exploit kits and infections carry the bulk of Cerber ransomware. When a victim clicks a link or opens the message, the program will start background downloads and file encryption. It chooses selected folders and files, primarily those in shared networks and all machine drives.

While the ransomware has been going after Office 365 and other business programs, how do organisations protect themselves?

Trend Micro says that machine learning is a start, but the Cerber ransomware is evading even the most advanced file detection. It does this by breaking up its stages into files and running processes, which means it’s very hard for security products to spot.

Trend Micro says that a proactive, multilayered security approach is a step in the right direction. Security should be monitoring serviceOKs and applications, as well as any unauthorised application requests and permission changes.

Why an IT resilient strategy needs to be in the modern CIO’s toolkit
"Having an IT resilience strategy in place allows an organisation to smoothly adjust to change."
Tollring partners with Novum Networks for call analytics
Novum Networks has added the full complement of Tollring’siCall Suite cloud analytics to its product portfolio.
Intel announces “most powerful mobile processors ever”
Improvements in performance, responsiveness and Wi-Fi connectivity will be rolling out for gamers and creators alike.
Software AG launches new cloud-based IT portfolio management tool
“Alfabet FastLane’s out-of-the-box approach absolutely addresses the needs of smaller IT teams."
Slack's 2019 feature roadmap unveiled
Including shared channels across organisations, workflow automation, greater email and calendar integration, and streamlined search.
Data#3 wins learning and development award two years running
Chief Learning Officer magazine’s LearningElite programme honours the best organisations for learning and development.
Avaya partners with Standard Chartered to deliver CX transformation
"Avaya is proud to be supporting this venerable financial institution as it continues to evolve and transform to meet the needs of its clients.”
Hootsuite leads the social engagement charge - Forrester report
“Hootsuite leads the pack with its seller focus and scale,” writes Forrester principal analyst Mary Shea.