Ransomware Stars in Blank Slate Attack

Friday, March 24, 2017 @ 10:03 AM gHale


A new campaign called Blank Slate is now leveraging Cerber ransomware.

The attack goes out with no message text and there’s nothing there to indicate what the attachments are, said researchers at the SANS Internet Storm Center. The subject line and attachment names are vague and consist of random numbers, which is how we all title most of our files. That is why they called the attack Blank Slate.

The file attachments are double-zipped, meaning one zip archive sits inside another zip archive. The inner archive contains a JavaScript file or a Microsoft Word document infected with Cerber. For the JavaScript file, a double click results in the infection, while for the Word document, the victim has to enable macros.
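As an added example (not code from SANS or from this article), a mail-filter style check for the layout described above: it walks nested zip archives and flags a script or Word file that sits two or more archives deep. The extension lists, limits, function names and sample file names are assumptions made for this example.

```python
import io
import zipfile

# Payload types named in the article; the exact extension lists are assumptions.
SCRIPT_EXT = (".js", ".jse")
WORD_EXT = (".doc", ".docm", ".docx")
MAX_DEPTH = 3                          # bound recursion through nested archives
MAX_MEMBER_BYTES = 20 * 1024 * 1024    # skip oversized members (zip-bomb guard)


def scan_attachment(data, depth=0, path=""):
    """Return (zip_depth, member_path, kind) findings for one attachment."""
    findings = []
    if depth >= MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            name = info.filename.lower()
            member = f"{path}/{info.filename}" if path else info.filename
            if name.endswith(SCRIPT_EXT):
                findings.append((depth + 1, member, "script"))
            elif name.endswith(WORD_EXT):
                findings.append((depth + 1, member, "word-document"))
            else:
                try:  # encrypted or corrupt members cannot be inspected here
                    inner = zf.read(info)
                except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                    continue
                findings += scan_attachment(inner, depth + 1, member)
    return findings


def should_quarantine(data):
    """Flag the double-zip layout: script or Word file two or more zips deep."""
    return any(d >= 2 for d, _, _ in scan_attachment(data))


def make_zip(name, payload):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


# Constructed samples with harmless placeholder content.
DOUBLE = make_zip("48213.zip", make_zip("9917.js", b"// placeholder"))
SINGLE = make_zip("report.docx", b"placeholder")
```
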

The Blank Slate campaign has been used before with other types of ransomware, but this time around, Cerber appears front and center.

Cerber is a ransomware that will encrypt documents, photos, databases and other important files on your computer. To get the decryption key, victims are usually told to pay a ransom of $500 in Bitcoin.

“I always wonder how effective campaigns like this are,” Brad Duncan from SANS Internet Storm Center said in a blog post. “Potential victims must open an attachment from a blank email, go through two zip archives, then double-click the final file. If the final file is a Word document, the victim must also enable macros. And that works on default Windows configurations. But properly-administered Windows hosts and decent email filtering are enough, I think, to keep most people from worrying about it. I’m far more interested in the cycle of abuse targeting hosting providers. Without web servers to host ransomware binaries, Blank Slate cannot continue its current method of operations.”


