Updated Ransomware Releases

Tuesday, August 9, 2016 @ 08:08 AM gHale


After researchers decrypted the first version, an updated version of the Cerber ransomware has just been released.

That means files encrypted by Cerber2 currently stay locked unless the victim pays the ransom.


Trend Micro last month released a tool that can decrypt files encrypted by several ransomware families and versions. Among these are the first version of Cerber, along with CryptXXX, BadBlock, and TeslaCrypt.

A Trend Micro researcher known as PanicAll said the Cerber ransomware author must have looked at the decryption code and found a way to get around it.

Files encrypted by Cerber2 receive the .cerber2 extension, and the malware displays a new ransom message.

The encryption method has also changed: Cerber2 now uses the Microsoft API CryptGenRandom to generate its 32-byte encryption key. CryptGenRandom is the Windows cryptographically secure random number generator, so a key drawn from it cannot be reconstructed by guessing the generator's inputs, as a key derived from a predictable seed could be.
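The change in key generation is the security-relevant point, and the following Python example is added here to show why it matters. It is not Cerber's code and does not reproduce either version's actual cipher or key derivation, which the page does not describe. The "weak" generator (a PRNG seeded with the infection time), the toy SHA-256 keystream cipher, the sample PNG and the timestamp are all constructed assumptions, used only to contrast a key that a known-plaintext seed search recovers with one drawn from the OS CSPRNG (os.urandom, the same class of source as CryptGenRandom):

```python
"""Added illustration (not Cerber's code): why a key drawn from a CSPRNG such as
CryptGenRandom resists recovery while a key derived from a predictable seed
does not. The "weak" generator and the toy cipher are constructed stand-ins;
the page does not describe how the first Cerber version built its keys."""
import hashlib
import os
import random

KEY_LEN = 32  # Cerber2 uses a 32-byte key, per the article


def weak_key(seed: int) -> bytes:
    """Constructed weak generator: a key fully determined by a small integer
    seed (here: infection time in seconds). Anyone who can bound the seed can
    regenerate every candidate key."""
    rng = random.Random(seed)  # deterministic PRNG, not a CSPRNG
    return bytes(rng.getrandbits(8) for _ in range(KEY_LEN))


def strong_key() -> bytes:
    """os.urandom reads the OS CSPRNG; on Windows that is the system RNG
    behind CryptGenRandom, which is what Cerber2 switched to."""
    return os.urandom(KEY_LEN)


def keystream(key: bytes, length: int) -> bytes:
    """Toy counter-mode keystream (SHA-256 of key||counter). Stands in for the
    real cipher only so a candidate key can be checked against known plaintext."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(data: bytes, key: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, len(data))))


PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # known plaintext: header of any PNG file


def recover_weak_key(ciphertext: bytes, known_prefix: bytes,
                     seed_lo: int, seed_hi: int):
    """Known-plaintext seed search: regenerate the key for every seed in
    [seed_lo, seed_hi) and return (seed, key) for the first one whose key
    decrypts the file header to the expected bytes, else None."""
    head = ciphertext[:len(known_prefix)]
    for seed in range(seed_lo, seed_hi):
        candidate = weak_key(seed)
        if xor_crypt(head, candidate) == known_prefix:
            return seed, candidate
    return None


def demo():
    """Encrypt one constructed PNG with each generator and attack both.
    Returns (weak_result, strong_result)."""
    infection_time = 1470729600  # constructed: roughly 2016-08-09 08:00 UTC
    plaintext = PNG_MAGIC + b"constructed sample image body"
    # The analyst knows the infection happened within about an hour either way.
    window = (infection_time - 3600, infection_time + 3600)

    ct_weak = xor_crypt(plaintext, weak_key(infection_time))
    weak_result = recover_weak_key(ct_weak, PNG_MAGIC, *window)

    ct_strong = xor_crypt(plaintext, strong_key())
    strong_result = recover_weak_key(ct_strong, PNG_MAGIC, *window)
    return weak_result, strong_result


if __name__ == "__main__":
    weak_result, strong_result = demo()
    print("weak key recovered:", weak_result is not None)
    print("CSPRNG key recovered:", strong_result is not None)
```

The seed search succeeds against the constructed weak generator because the 32-byte key carries no more entropy than the seed it was built from, and a file-format header gives the attacker enough known plaintext to test each candidate. Against the CSPRNG-derived key the same search has nothing to enumerate, which is the effect the switch to CryptGenRandom has for defenders trying to build a decryptor.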

Finally, the new variant also uses a packer to make malware analysis more difficult.