What makes the Cerber ransomware so agile?

09 May 17

The Cerber ransomware has been one of the most nimble, varied and dominant malware strains on the market — almost neck-and-neck with Locky.

A recent blog from Trend Micro analysed what makes the Cerber ransomware so fluid, and the answers may be more complex than first thought.

According to Trend Micro’s Smart Protection Network, the US takes the brunt of infections, but Japan accounts for 4.63%; Australia for 2.53%; and China for 1.1%.

The blog says that the ransomware's variations are evading even machine learning techniques, as it stays one step ahead of the security companies trying to catch it.

Cerber has been on the scene for just over a year and made its name by being sold by cybercriminals as ransomware-as-a-service. The creators earn as much as 40% for every ransom paid by the victim.

But the biggest issue is that creators are constantly modifying the ransomware to make it appeal to potential buyers. Trend Micro says that servers morphed the Cerber ransomware every 15 seconds.

Trend Micro explains that spam emails, exploit kits and infections carry the bulk of Cerber ransomware. When a victim clicks a link or opens the message, the program will start background downloads and file encryption. It selects folders and files, primarily those in shared networks and on all machine drives.

With the ransomware going after Office 365 and other business programs, how do organisations protect themselves?

Trend Micro says that machine learning is a start, but the Cerber ransomware is evading even the most advanced file detection. It does this by breaking up its stages into files and running processes, which means it’s very hard for security products to spot.

Trend Micro says that a proactive, multilayered security approach is a step in the right direction. Security should be monitoring services and applications, as well as any unauthorised application requests and permission changes.
