Results for cerber

Threat Research

Research: A New Christmas Decorated Cerber Ransomware Has Arrived

Introduction: A new unversioned Cerber has surfaced! It appears that the author(s) of Cerber are working hard to make more money during the Christmas season. This latest version has relatively more changes compared to the previous versions. The version number has now been removed from the desktop wallpapers of the infected machines, and this new Cerber release no longer has an apparent version number, which might make tracking the Cerber family more difficult than before. Another noticeable change is that the modified wallpaper now comes...

By Sarah (Qi) Wu and Jacob (Kuan Long) Leong December 09, 2016

Threat Research

Cerber 5.0.1 Arrives with New Multithreading Method

Introduction: A new update of Cerber Ransomware, Cerber 5.0.1, has just arrived, appearing shortly after Cerber 5.0.0 had been released. Cerber 5.0.1 handles multithreading differently when it comes to encrypting files, probably aiming for better performance. It also changes the instruction file name from “README.hta” to “_README_.hta”. The intention of this might be to avoid simple AV detection, such as checking instruction file names. The major updates in the new version are described in the following sections. New...

By Sarah Wu and Jacob Leong December 02, 2016

Threat Research

The First Major Update of Cerber 4 Ransomware Has Surfaced

Cerber 4.1.0 is already here! In this blog we will share information about this updated version uncovered by Fortinet, including its differences and similarities compared to previous versions. Cerber is a classic ransomware tool that encrypts victims’ files and then demands payments to decrypt them. Victims are given a period of time for making the payments and then (hopefully) having their original unencrypted files restored. Cerber marks encrypted files with a specific extension. In previous versions (Cerber 2 and 3), encrypted...

By Sarah (Qi) Wu and Jacob (Kuan Long) Leong October 31, 2016

Threat Research

Cerber Ransomware Marks Its Presence in the Wild, Catches up with CryptoWall and Locky

FortiGuard Labs uses the data it gathers from its more than 2 million security sensors to keep an eye on trends related to ransomware, one of the areas of greatest concern when it comes to cyber security threats today. As a result of this effort, we previously talked about Locky’s rapid rise in prevalence in the first two weeks of its appearance. This time, we have observed yet another new ransomware family – Cerber – to be rapidly gaining prevalence in the wild. We gathered FortiGuard Intrusion Prevention System (IPS) telemetry...

By Kenichi Terashita and Roland Dela Paz May 26, 2016