Cerber


Introduction: A new unversioned Cerber has surfaced! It appears that the author(s) of Cerber are working hard to make more money during the Christmas season. This latest version has relatively more changes compared to the previous versions. The version number has now been removed from the desktop wallpapers of the infected machines, and this new Cerber release no longer has an apparent version number, which might make the tracking of the Cerber family more difficult than before. Another noticeable change is that the modified wallpaper now comes...
by Sarah (Qi) Wu, Jacob (Kuan Long) Leong | Dec 09, 2016 | Filed in: Security Research
Introduction: A new update of Cerber Ransomware, Cerber 5.0.1, has just arrived, appearing shortly after Cerber 5.0.0 had been released. Cerber 5.0.1 handles multithreading differently when it comes to encrypting files, probably aiming for better performance. It also changes the instruction file name from “README.hta” to “_README_.hta”. The intention of this might be to avoid simple AV detection, such as checking instruction file names. The major updates in the new version are described in the following sections. New...
by Sarah Wu, Jacob Leong | Dec 02, 2016 | Filed in: Security Research
Cerber 4.1.0 is already here! In this blog we will share information about this updated version uncovered by Fortinet, including its differences and similarities compared to previous versions. Cerber is a classic ransomware tool that encrypts victims’ files and then demands payments to decrypt them. Victims are given a period of time for making the payments and then (hopefully) having their original unencrypted files restored. Cerber marks encrypted files with a specific extension. In previous versions (Cerber 2 and 3), encrypted...
by Sarah (Qi) Wu and Jacob (Kuan Long) Leong | Oct 31, 2016 | Filed in: Security Research
FortiGuard Labs uses the data it gathers from its over 2 million security sensors to keep an eye on trends related to ransomware, one of the areas of greatest concern when it comes to cyber security threats today. As a result of this effort, we previously talked about Locky’s rapid rise in prevalence in the first two weeks of its appearance. This time, we have observed yet another new ransomware family – Cerber – to be rapidly gaining prevalence in the wild. We gathered FortiGuard Intrusion Prevention System (IPS) telemetry...
by Kenichi Terashita and Roland Dela Paz | May 26, 2016 | Filed in: Security Research