There’s a new strain of ransomware, yet again, and it goes by the name of Cerber. Cerber in itself has a new feature that makes it quite odd, it speaks to you. Yes, not only do you get to enjoy knowing your systems are infected with ransomware, but you also get to hear it. Over, and over, and over again.
It drops 3 #DECRYPTMEFILES# onto your computer, using the standard TXT format, HTML, and VBS (Visual Basic Script). These files will contain instructions on how and where to pay your ransom. The developers are selling the tools for Cerber as RaaS (Ransomware as a service) to anyone, even those without coding experience.
This is how the developers will make their profit from clients who collect the ransom payments.
The ransomware will run a scan on all of your drives, network shares, and unmapped shares. There will be a fake warning urging you to start the rebooting process. From here, it will configure itself to auto start when you log in; it runs as a screensaver and executes itself once every minute.
There will be a ransom note with the encryption notice along with a warning and a decryption method. You must pay a sum of usually 1.24 bitcoins (around $500 USD) within 7 days or it will double.
Fortunately, there is a way for you to avoid this without paying the unwanted guest to leave:
Sysoft takes security very seriously and it is our top priority to keep your business safe from internal and external threats. Fill out the form, email us at firstname.lastname@example.org or call us at (416) 410-7268 to talk about how we can safeguard against threats.