Two new dangerous versions of the Cerber ransomware have been identified by security experts – Cerber 4.1 and Cerber 4.1.1. Learn all about the new threats and how to remove them by following this guide.
About the new Cerber 4.1 Ransomware
The Cerber virus first received a major update that has been named Cerber 4.1. It uses the same random four-character extension to rename the affected files. The virus shows typical ransomware behavior: it searches for file name extensions that match its built-in list, encrypts the matching files with a strong cipher and then appends the random extension. The ransom extension is based on the Windows registry value “MachineGuid”, the machine’s unique identification number used by the operating system.
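As an added defender-side illustration (not code from the original article), the following Python heuristic flags the mass-rename footprint described above: many files under one tree suddenly carrying the same unfamiliar four-character extension. The allow-list of ordinary extensions, the file-count threshold and the constructed file listing are assumptions, not values taken from a Cerber sample.

```python
import re
from collections import defaultdict

# Assumed allow-list of four-character extensions a user directory legitimately
# contains; anything else that is exactly four characters long is treated as unknown.
KNOWN_EXTENSIONS = {"docx", "xlsx", "pptx", "jpeg", "html", "json", "webp", "flac"}

# Cerber 4.x appends a random four-character extension to each encrypted file.
FOUR_CHAR_EXT = re.compile(r"^[0-9a-z]{4}$")


def suspicious_extensions(paths, min_files=10):
    """Return {extension: [paths]} for unknown four-character extensions that
    appear on at least `min_files` files. A cluster of identically renamed files
    is the footprint of a mass-encryption run, not of normal user activity."""
    groups = defaultdict(list)
    for p in paths:
        name = p.replace("\\", "/").rsplit("/", 1)[-1]
        if "." not in name:
            continue
        ext = name.rsplit(".", 1)[1].lower()
        if FOUR_CHAR_EXT.match(ext) and ext not in KNOWN_EXTENSIONS:
            groups[ext].append(p)
    return {ext: ps for ext, ps in groups.items() if len(ps) >= min_files}


# Constructed sample listing: ordinary documents, twelve files renamed with the
# same unknown extension (the hypothetical ".a1b2"), and one lone ".bkup" file.
SAMPLE_LISTING = (
    [f"C:\\Users\\alice\\Documents\\report{i}.docx" for i in range(5)]
    + ["C:\\Users\\alice\\Pictures\\holiday.jpeg", "C:\\Users\\alice\\Music\\track.mp3"]
    + [f"C:\\Users\\alice\\Documents\\{i:010x}.a1b2" for i in range(12)]
    + ["C:\\Users\\alice\\Desktop\\notes.bkup"]
)

if __name__ == "__main__":
    for ext, files in suspicious_extensions(SAMPLE_LISTING).items():
        print(f"possible mass encryption: {len(files)} files now end in .{ext}")
```

Run against a real directory walk (for example `os.walk` output) on a file server, the same function can drive an alert or a share-level read-only switch; the threshold keeps a single oddly named file from firing it.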
This new Cerber ransomware has been developed by the computer criminals to be faster and more robust. An initial security analysis shows that the code has been optimized to be lighter and quicker to execute.
The captured ransomware samples were found in live attacks, which indicates that the virus is actively being used by computer criminals against various targets. Coordinated attacks with Cerber 4.1 most likely use the standard ransomware infection methods – email spam campaigns that contain infected binary files or links to infected data. In many cases the hackers use various social engineering tricks to lure the targets into executing the malware. Other ways of getting infected include malicious ads, exploit kits that abuse software vulnerabilities, and payloads delivered by browser hijackers and Trojans.
The Dangerous Cerber 4.1.1
A new update followed shortly after the Cerber 4.1 release; the new iteration was immediately found and labeled Cerber 4.1.1 ransomware. Security experts worldwide are still investigating the threat and detailed information is not yet available. This malware is distributed via a payload executable file, which is usually a software installer disguised as a legitimate application or a freeware version that has been bundled with the dangerous code. Such software can easily be downloaded from untrusted sites and P2P networks like BitTorrent.
Cerber 4.1.1 has some dangerous capabilities – it can access and modify the Windows Registry, manipulate the Windows clipboard and interact with all running services and programs. This means that it can potentially inject itself into a wide range of system services, popular applications and other places, and protect itself from anti-virus and anti-spyware solutions.
Like its predecessors, this variant also uses a strong cipher to encrypt the target user data. Cerber 4.1.1 uses the psychological tactic of offering to decrypt one file for free. This is a very popular way of extorting the ransom sum from users by taking advantage of their situation. Here are some of the reasons why they do this:
- The criminals take advantage of the compromised data and its potential sensitivity and importance. They promise the victims that, upon verification that the transfer has been completed, they will provide the decryption key which will restore access to the compromised data. However, in many cases the hackers make copies of the files which they abuse – they can either leak the data or further blackmail the owners for more money.
- The hackers take an aggressive stance that discredits anti-virus and anti-spyware solutions by claiming that they do not work. This is in fact untrue, as quality tools can safely remove the threat and restore access to the compromised data.
- The computer criminals provide a convenient solution. However, in many cases the users may not be comfortable transferring money in the Bitcoin currency.
What Can We Expect in Future Cerber Updates
The Cerber family was updated in a surprise move. The two new Cerber samples were used directly in attack campaigns. As both of them featured substantial improvements over the original Cerber 4 code, most anti-virus and anti-spyware solutions were not able to protect against them.
Now that more information about the ransomware is available, most security vendors have updated their definition sets to include the two new variants.
All of this means that further Cerber 4 updates might surprise us in various ways, including new features, more potent damage capabilities and infection methods.
About Ransomware Malware:
Ransomware is computer malware that installs covertly on a victim’s computer, executes a cryptovirology attack that adversely affects it, and demands a ransom payment to decrypt it or not publish it. Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, and display a message requesting payment to unlock it. More advanced malware encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.