
What makes the Cerber ransomware so agile?

09 May 2017

The Cerber ransomware has been one of the most nimble, varied and dominant malware strains on the market — almost neck-and-neck with Locky.

A recent blog from Trend Micro analysed what makes the Cerber ransomware so fluid, and the answers may be more complex than first thought.

According to Trend Micro's Smart Protection Network, the US takes the brunt of infections, while Japan accounts for 4.63%, Australia for 2.53% and China for 1.1%.

The blog says that this constant variation lets Cerber evade even machine-learning detection, keeping it one step ahead of the security companies trying to catch it.

Cerber has been on the scene for just over a year and made its name by being sold by cybercriminals as ransomware-as-a-service: affiliates distribute it, and the creators earn as much as 40% of every ransom paid by a victim.

But the biggest issue is that the creators constantly modify the ransomware, both to keep it attractive to potential buyers and to keep it ahead of detection. Trend Micro observed the servers morphing the Cerber payload as often as every 15 seconds, so a file hash captured from one sample is stale almost as soon as it is shared.

Trend Micro explains that spam emails and exploit kits carry the bulk of Cerber infections. When a victim clicks the link or opens the attachment, the malware downloads its components in the background and begins encrypting files. It targets selected folders and file types, on all of the machine's drives and on any network shares the machine can reach.

With the ransomware also going after Office 365 users and other business applications, how do organisations protect themselves?

Trend Micro says that machine learning is a start, but Cerber evades even the most advanced file-based detection. It does this by splitting its stages across several files and running processes, so no single file on disk looks like the whole threat and a product that judges files in isolation has little to go on.

Trend Micro says that a proactive, multilayered security approach is a step in the right direction: behaviour monitoring of services and applications, together with alerting on unauthorised application requests and permission changes, rather than relying on recognising the file itself.
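To make the behaviour-monitoring point concrete, here is an added example (not from the article or from Trend Micro) of the kind of rule a behaviour monitor applies instead of a file hash: it scores each process by what it does to files, and flags one that renames many files to a new extension across several directories, including a network share, within a short window. The trace format, process names, paths, the placeholder `.locked` extension and the thresholds are all constructed for this illustration; Cerber's real extension and exact behaviour are not taken from the page.

```python
"""Toy behaviour-based ransomware detector (added example, not from the article).

Rationale: a payload that is repacked every 15 seconds defeats hash and static
detection, but the encryption step still has to touch many files quickly.
Everything below (event format, images, paths, thresholds) is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class FileEvent:
    ts: float   # seconds since trace start
    pid: int
    image: str  # process image name (constructed)
    src: str    # path before the operation
    dst: str    # path after the operation (== src for a plain write)


def _ext(path: str) -> str:
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def _dirname(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[0]


def is_network_share(path: str) -> bool:
    # UNC-style path (\\server\share\... or //server/share/...), constructed convention
    return path.startswith("\\\\") or path.startswith("//")


def find_suspects(events: List[FileEvent], window_s: float = 10.0,
                  min_renames: int = 20, min_dirs: int = 3) -> Dict[int, dict]:
    """Return {pid: finding} for every process that, inside some window of
    `window_s` seconds, renamed at least `min_renames` files to a different
    extension spread over at least `min_dirs` directories.  The finding
    reports the largest such burst.  Thresholds are illustrative only."""
    by_pid: Dict[int, List[FileEvent]] = defaultdict(list)
    for e in events:
        if _ext(e.src) != _ext(e.dst):          # keep only extension-changing renames
            by_pid[e.pid].append(e)

    findings: Dict[int, dict] = {}
    for pid, evs in by_pid.items():
        evs.sort(key=lambda e: e.ts)
        best = None
        start = 0
        for end in range(len(evs)):             # sliding window over sorted events
            while evs[end].ts - evs[start].ts > window_s:
                start += 1
            burst = evs[start:end + 1]
            dirs = {_dirname(e.src) for e in burst}
            if len(burst) >= min_renames and len(dirs) >= min_dirs:
                if best is None or len(burst) > best["renames"]:
                    best = {
                        "image": evs[end].image,
                        "renames": len(burst),
                        "dirs": len(dirs),
                        "touches_share": any(is_network_share(e.src) for e in burst),
                        "new_ext": {_ext(e.dst) for e in burst},
                    }
        if best is not None:
            findings[pid] = best
    return findings


def sample_events() -> List[FileEvent]:
    """Constructed trace: an editor, a slow backup job and one ransomware-like process."""
    ev: List[FileEvent] = []
    # pid 1001: editor saving the same document repeatedly (no extension change)
    for i in range(30):
        ev.append(FileEvent(i * 0.5, 1001, "editor.exe",
                            "C:/Users/alice/report.docx", "C:/Users/alice/report.docx"))
    # pid 1002: backup job renaming a handful of files to .bak, 30 s apart
    for i in range(5):
        ev.append(FileEvent(i * 30.0, 1002, "backup.exe",
                            f"D:/backup/db{i}.sql", f"D:/backup/db{i}.sql.bak"))
    # pid 1003: 25 extension-changing renames in under 8 s across three roots,
    # one of them a network share ('.locked' is a constructed placeholder)
    roots = ["C:/Users/alice/Documents", "//fileserver/finance", "D:/projects"]
    for i in range(25):
        root = roots[i % 3]
        ev.append(FileEvent(100.0 + i * 0.32, 1003, "update.exe",
                            f"{root}/file{i}.xlsx", f"{root}/file{i}.locked"))
    return ev


if __name__ == "__main__":
    for pid, f in find_suspects(sample_events()).items():
        print(f"ALERT pid={pid} image={f['image']} renames={f['renames']} "
              f"dirs={f['dirs']} share={f['touches_share']} ext={sorted(f['new_ext'])}")
```

The editor never changes an extension and the backup job changes only a few, slowly, so neither crosses the rate and spread thresholds; the third process does, and the finding records that it reached a network share, which is the detail an incident responder needs first. A real monitor would feed this from an EDR or audit log stream, and the thresholds would need tuning against each environment's legitimate bulk-rename activity.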
