
Cerber ransomware sold as a service

Discussion in 'General Malware And Security' started by Rich M, Mar 6, 2016.

  1. Rich M

    Rich M Guest

    Joined:
    Dec 24, 2013
    Messages:
    4,580
    Location:
    NE Pa USA
    Operating System:
    Windows 7
    Computer Brand or Motherboard:
    MSI Z97 PC Mate LGA 1150 Intel Z97
    CPU:
    Intel i7 4790K 4.0Ghz
    Memory:
    Corsair Vengeance 16GB (2x8GB) DDR3 2133
    Hard Drive:
    Crucial 256 Gb SSD+ WD Raptor 300 Gb Sata III
    Graphics Card:
    Radeon R9 280 2GB HDMI
    Power Supply:
    Seasonic 750 watt
    Cerber ransomware sold as a service, speaks to victims
    Cerber has taken creepiness for victims and affordability for criminals to a new level
      Lucian Constantin
      IDG News Service
      • Mar 4, 2016 6:36 AM
      A new file-encrypting ransomware program called Cerber has taken creepiness for victims, but also affordability for criminals, to a new level.

      In terms of functionality Cerber is not very different than other ransomware threats. It encrypts files with the strong AES-256 algorithm and targets dozens of file types, including documents, pictures, audio files, videos, archives and backups.

      The program encrypts file contents and file names and changes the original extensions to .cerber. It can also scan for and encrypt available network shares even if they are not mapped to a drive letter in the computer.

      Once the encryption process is done, Cerber will drop three files on the victim's desktop named "# DECRYPT MY FILES #." They contain the ransom demand and instructions on how to pay it. One of those files is in TXT format, one is HTML and the third contains a VBS (Visual Basic Scripting).

      The VBS file is unusual. According to Lawrence Abrams, administrator of the technical support forum BleepingComputer.com, the file contains text-to-speech code that converts text into an audio message.

      "When the above script is executed, your computer will speak a message stating that your computer's files were encrypted and will repeat itself numerous times," Abrams said in a blog post.

      According to Cyber intelligence outfit SenseCy, Cerber's creators are selling the ransomware as a service on a private Russian-language forum. This makes it available to low-level criminals who might not have the coding skills or resources to create their own ransomware. It also means that this threat might see widespread distribution.
    http://www.pcworld.com/article/3040750/cerber-ransomware-sold-as-a-service-speaks-to-victims.html
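Added example, not part of the original post or the quoted article: a read-only triage scan that walks a folder tree and reports the two on-disk artifacts the article describes, files renamed to `.cerber` and the "# DECRYPT MY FILES #" notes in TXT, HTML and VBS form. It can also be pointed at a backup folder before restoring from it. Matching the note by base name plus extension is an assumption, and the sample tree is constructed from empty placeholder files.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".cerber"              # extension named in the article
NOTE_STEM = "# DECRYPT MY FILES #"     # ransom-note base name from the article
NOTE_EXTS = {".txt", ".html", ".vbs"}  # the three note formats described

def scan_tree(root):
    """Walk root and collect Cerber artifacts per directory (read-only)."""
    hits = defaultdict(lambda: {"encrypted": 0, "notes": set()})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name)
            ext = ext.lower()  # treat .CERBER and .cerber alike
            if ext == ENCRYPTED_EXT:
                hits[dirpath]["encrypted"] += 1
            elif stem.strip() == NOTE_STEM and ext in NOTE_EXTS:
                hits[dirpath]["notes"].add(ext)
    return dict(hits)

def summarize(hits):
    """Reduce per-directory hits to totals for a triage report."""
    total = sum(h["encrypted"] for h in hits.values())
    note_dirs = sorted(d for d, h in hits.items() if h["notes"])
    full_sets = [d for d in note_dirs if hits[d]["notes"] == NOTE_EXTS]
    return {"encrypted_files": total, "dirs_with_notes": note_dirs,
            "dirs_with_all_three_notes": full_sets,
            "affected": bool(total or note_dirs)}

def build_sample(root):
    """Constructed sample tree: empty placeholder files, no real malware."""
    layout = {
        "Desktop": ["# DECRYPT MY FILES #.txt", "# DECRYPT MY FILES #.html",
                    "# DECRYPT MY FILES #.vbs", "notes.txt"],
        "Documents": ["a1B2c3D4e5.cerber", "Zx9Yw8Vu7T.CERBER", "report.docx"],
        "Backup": ["report.docx", "photo.jpg"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(summarize(scan_tree(tmp)))                          # whole profile
        print(summarize(scan_tree(os.path.join(tmp, "Backup"))))  # backup only
```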
     
  2. Fretka

    Fretka

    Joined:
    Apr 19, 2016
    Messages:
    6
    Operating System:
    Windows 7
    Yep, I have heard lots of times that those bustards all hide in Russia. It would be no wonder if the scam is run in agreement with Mr. Poo-tin. Maybe there is a way to restrict the traffic running out of there?
     
  3. Fretka

    Fretka

    Meanwhile, it is crucial to remove the ransomware, for it is definitely not going to let you out even if you pay the ransom http://nabzsoftware.com/types-of-threats/cerber-file ('the need to remove the pest is indisputable as it has been reported to promote other Trojans while operating.')
     
  4. Rich M

    Rich M Guest

    It sounds as if you don't realize the virus can be removed easily but it is the damage it does to your files and data that remain and have to be dealt with.
     
  5. Fretka

    Fretka

    Thanx for your remark!
    I do realize the data recovery is the challenge, yet we must not abandon the virus itself. It communicates with a remote server and any time may launch another malicious campaign. Every decent guidance recommends both to remove the virus (ok, that is not too complicated) and recover the data, including with the tools like data recovery pro. If the ransomware has removed original files, the above solution may actually retrieve the data you need.
     
  6. Fretka

    Fretka

  7. Rich M

    Rich M Guest

    I know that is possible, just not likely is all. As I said, removing the virus is easy. There are many products, i.e. Nod32, Malwarebytes Pro, Emsisoft, and Kaspersky, who claim they can repel it, but how would any of us prove that is my problem, as I am not about to try any testing with that virus.
     
    Kenny94 likes this.
  8. Rustys

    Rustys Registered Members

    Joined:
    Feb 29, 2016
    Messages:
    1,656
    Location:
    127.0.0.1
    Operating System:
    Linux Based
    Computer Brand or Motherboard:
    Compaq H3900 (Windows 2002)
    CPU:
    Intel (R) PXA250
    Memory:
    64 MB RAM 48 MB ROM
    Hard Drive:
    Yes
    Graphics Card:
    4 D
    Power Supply:
    Solar
    Hence forth why we also instruct computer users to back up their data on a regular basis to a removable external device.
     
    Amd_Man likes this.
  9. gus

    gus Registered Members

    Joined:
    Mar 30, 2016
    Messages:
    129
    Location:
    Sydney, Australia
    Operating System:
    Windows 10
    Computer Brand or Motherboard:
    Gigabyte z97x-ud5h-bk
    CPU:
    certified practicly useless
    Memory:
    that's gone too
    Hard Drive:
    not any more, too old
    Graphics Card:
    none of that stuff, just black and white pics.
    Power Supply:
    Steam power
    Also as I mentioned earlier, it is critical to disconnect the external drive IMMEDIATELY after creating a backup.
     
  10. Kenny94

    Kenny94 Registered Members

    Joined:
    Jan 21, 2016
    Messages:
    419
    Location:
    SC
    Operating System:
    OS X
    Computer Brand or Motherboard:
    iPad Air, HP Chromebook and Compaq laptop with xp
    I used to use an external drive for backups. But now I use dropbox and another cloud service to backup dropbox.
     
  11. Rustys

    Rustys Registered Members

    Good point, that way you can have access to some of the files on almost any system.
     
  12. Kenny94

    Kenny94 Registered Members

    Right on Rustys!
     
