Cerber 6 Ransomware
Cerber Ransomware has taken the cyber world by storm by taking over 87% share in terms of cyber attacks via Ransomware in 1st Quarter of 2017. As if this wasn’t enough for the cyber-criminals, Cerber 6 is slowly taking its shape to rule the cyber world as per Trend Micro.
The ransomware is spread smartly via Spam Emails which includes a malicious JavaScript File. Once the user downloads the file, it executes the payload which runs Cerber 6 Ransowmare right after 2 minutes in the background. At times, it can also run embedded PowerShell script. Here’s how it looks like:
As of now, there’s no word on the decryption of Cerber 6 ransomware. But if you are the victim of any other ransomware released previously, you can check out these ransomware decryptor tools listed by us.
It’s not only personal computers (at home or office) but we have also observed that sectors like healthcare, government offices, transport industries, hotels and many more got affected due to various Ransomware in 2017. According to Trend Labs blog post, it is estimated that cybercriminals have earned over $2 Million via Ransomware-as-a-service in just commissions (40%) in a month (2016 4th quarter). United States is on top (84%) for being hit by Cerber Ransomware followed by Japan, Taiwan, Australia & China.
Can Cerber 6 Ransomware be Removed?
No! There are no Cerber removal tools available for Cerber 2, 3, 4, 5 & 6. The only tool available is for Cerber V1. However, you can check out the tools provided by Avast in case if your system is hit by any other Ransomware. The advancement in technology has made Cerber ransomware so tough to detect that a normal user can be easily bluffed. Getting an anti-virus protection isn’t enough these days!
The Cerber Ransomware keeps on updating on regular basis making it difficult for the security experts to find a proper solution for all Cerber Ransomware versions. “While Cerber’s distribution methods remain consistent, we’ve seen newer variants delivered as self-extracting archives (SFX package) containing malicious Visual Basic Script (.VBS) and Dynamic-link library (.DLL) files that execute a rather intricate attack chain compared to other versions. While these Cerber-carrying SFX packages aren’t prevalent in the wild right now, it’s one of the signs of things to come for Cerber,” says Trend Labs report in its blog.
| Cerber v1, v2 and v3 | Cerber v4 | Cerber v5 | Cerber SFX | Cerber v6 | |
| File Type | EXE | EXE | EXE | SFX (Loader) VBS, DLL | EXE |
| Exceptions (Cerber doesn’t execute if it detects certain components in the system) | Language in v1 and v3*
Language and antivirus (AV) for v2* |
Language* | Language* | AV, VM, Sandbox (Loader*), and Language* | Language* |
| Anti-AV Routine | None | None | None | None | EXE files of AV, Firewall and Antispyware products set to be blocked by Windows firewall rules* |
| Anti-sandbox | None | None | None | VM and Sandbox (Loader*) | VM and Sandbox (Loader*) |
| Backup Deletion | Yes (vsadmin, WMIC, BCDEdit)* | Yes (WMIC)* | Yes (WMIC)*
Removed in v5.02 |
Varies (some samples have backup deletion capabilities) | Varies (some samples have backup deletion capabilities) |
| Exclusion List (directories and file types Cerber doesn’t encrypt) |
Folder and file* | Folder and file* | Folder and file*; and AV, Antispyware, and Firewall directories | Folder and file*; and AV, Antispyware, and Firewall directories | Folder and file* |
The table above prepared by Trend Micro showcases the evolution of Cerber Ransomware over the times. It doesn’t matter how many new Ransomware come and go, Cerber is surely going to rule the market due to its highly sophisticated source code. Exclusive features like Anti-Sandboxing and Anti-VM in recently released Cerber 6 Ransomware makes it ever stronger to detect and stop installing on your computers & laptops.
Security researchers suggest that it’s not only PC or laptop users, there’s a lot of danger for smartphone users as well because of few apps found on Google Play spreading Ransomware. In 2017, it’s gonna be Cerber everywhere if this continues to be the same until final quarter of this year.