Updated Ransomware Leading New Attacks

Friday, October 14, 2016 @ 03:10 PM gHale

Cerber ransomware is truly getting around these days as it is now going out in at least three exploit kits, researchers said.

Cerber 4.0 was released in October and has become popular among bad guys for use in malvertising campaigns.


In addition, three of the top exploit kits (EKs) — RIG, Neutrino, and Magnitude — switched to Cerber 4.0.

The new malware release is using a randomly generated file extension (previously, the ransomware was using the .cerber3 extension, and .cerber and .cerber2 before that) and has shifted from an HTML ransom note to an HTA one.

Cerber has received rapid updates that increased its popularity among EKs, Trend Micro security researchers said in a blog post.

Most recently, the RIG toolkit was employing Cerber 4.0. The Magnitude exploit kit is also using Cerber in a malvertising program.

Additionally, a campaign that usually employs a casino-themed fake advertisement, and which previously delivered the Andromeda or Betabot malware, switched to Cerber 4.0 on Oct. 4, Trend Micro researchers said. The campaign was using RIG to drop the new ransomware variant.

Another interesting campaign, which has been distributing Cerber 4.0 since October 3, is leveraging the Neutrino exploit kit and targets users in the US, Germany, Spain, Taiwan and Korea.

“Ransomware is an evolving threat, and the most fundamental defense is having proper backup processes in place. Follow the 1-2-3 rule: 3 copies, 2 devices, and 1 stored in a secure location,” researchers said. “Data loss is manageable as long as regular backups are maintained. Malvertising and exploit kits in general are being developed and improved constantly by cybercriminals, so keeping software updated with the latest security patches is critical for users and enterprises. This includes both the operating system and all applications being used. Make sure there is a security system in place that can proactively provide a comprehensive defense against attackers targeting new vulnerabilities.”