Cerber: An Uninvited Guest You Must Pay to Leave

There’s a new strain of ransomware, yet again, and it goes by the name of Cerber. Cerber in itself has a new feature that makes it quite odd, it speaks to you. Yes, not only do you get to enjoy knowing your systems are infected with ransomware, but you also get to hear it. Over, and over, and over again.

It drops 3 #DECRYPTMEFILES# onto your computer, using the standard TXT format, HTML, and VBS (Visual Basic Script). These files will contain instructions on how and where to pay your ransom. The developers are selling the tools for Cerber as RaaS (Ransomware as a service) to anyone, even those without coding experience.

This is how the developers will make their profit from clients who collect the ransom payments.

The ransomware will run a scan on all of your drives, network shares, and unmapped shares. There will be a fake warning urging you to start the rebooting process. From here, it will configure itself to auto start when you log in; it runs as a screensaver and executes itself once every minute.

There will be a ransom note with the encryption notice along with a warning and a decryption method. You must pay a sum of usually 1.24 bitcoins (around $500 USD) within 7 days or it will double.

Fortunately, there is a way for you to avoid this without paying the unwanted guest to leave:

• Backups, backups, backups: Always use backups. Onsite and offsite, this can literally be the difference between saving and losing your data. Your crucial information needs to be dealt with great care, and always having it backed up in a safe and secure place does just that.
• Avoid potential threats: Never click, download, or open any suspicious links, emails or websites. Being aware of threats makes you a more cautious user.
• Educate your employees: Employees are your first line of defense; you need to ensure they are well trained. Perform proper awareness training often as your employees need to know what kind of threats they are up against.
• Update your security software: Always patch and update your anti-virus and firewall software. This will help you protect against the newest threats, some of which you may not even know of.

Sysoft takes security very seriously and it is our top priority to keep your business safe from internal and external threats. Fill out the form, email us at info@sysoft.ca or call us at (416) 410-7268 to talk about how we can safeguard against threats.