Cerber Ransomware Pardons Security Software
Cerber has slowly becoming famous. As of writing this, Cerber version 5 is already out in the wild. The new iteration of ransomware RANSOM_CERBER.F117AK has left the security products untouched. It has baffled security researcher. Moreover, this looks more like a challenge to antivirus and firewall company as cerber could encrypt files right under their nose.
Trend Micro research team has already mentioned about it. The new version mocks all security software by not touching its file and snooping around the system files. It encrypts all the files without touching the security software folder. Much to despise of anti malware and antivirus software, cerber ransomware decrypts all the possible extension and deletes shadow copy to make recovery impossible.
While there is no other information available, it seems that Cerber ransomware author are much more active than before. They keep improving their ransomware to cope up with all the latest patches. It is well known how quickly Cerber 3x patch was quickly patched by the creator.
As of writing this article, Cerber is now in v5. The above code (mentioned in the screenshot) shows how it does not touch Firewall, antispyware and antivirus product. There is no solution available to this ransomware. As per the report over 50% of users end up paying the ransom due to sensitivity of the data. Cerber is a big headache as it pardons no one. Since there is no solution available to decrypt the files for free, users end up paying ransom.
However, the good thing about them is that they are pretty quick in responding to user’s query. Victim can send them email or chat with them. Trend Micro and other researchers says that this is useless and Cerber do not encrypt exe, dll files and other applications in program files folder.
Cerber has also been available on rent or as a Raas service making it possible for everyone to use it to get ransom. Probably, it is used by underground world for the same purpose. It will only make matter worse for the normal user.
In case, if there is any solution made available to Cerber, we will let you know. Since it sends encryption key to the author, it makes pretty much difficult to trap it. Are you the victim of Cerber ransomware?
Credit [Bleeping computer]