Cerber Ransomware Abuses Data Encryption to Ransom Computer Files

Any weapon can be used to attack and to protect. Originally, data encryption was thought of as a means of ensuring the privacy of communication. It is still widely used for that purpose.

Alas, recent years have been marked by massive abuse of data encryption on the web. Criminals apply the most modern encryption techniques to deprive us of access to our data. That is, infections like the Cerber ransomware encrypt data on the computers they manage to get into. The key that can decrypt the information is only available at the hacker's site, which is virtually impossible to access.

In the case of the Cerber encryption virus, the affected files get an extension of the same name appended. That is obviously why the infection is known as the Cerber Trojan. The virus also hits data beyond the target machine if that data is reachable from the compromised device. That makes it a critical issue for corporate and other local networks. A single invasion may affect information relevant to many users, including very important corporate data stored on the corporate server.

On the other hand, the malware propagation pattern is remarkably simple. Multiple criminal groups are known to spread the infection, but most of them stick to spam as the prevailing infection vector. The spam features an email that pretends to be a notification of an invoice delivery or the like. The invoice is attached as a Word document. However, the reader cannot make out anything, as the body of the document contains no meaningful text. The situation looks familiar to the viewer: MS Word often fails to display text when the proper encoding is missing.

The hackers lure users into running a macro by inserting a corresponding prompt into the document body. Unfortunately, too many people have agreed, only to get the ransomware installed and their data scrambled for ransom.
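Because the delivery described above depends on a macro inside the attached Word document, a mail gateway or help desk can triage attachments before anyone opens them. The following is an added example, not part of the original article: the function names and sample data are constructed for illustration, and the check for legacy `.doc` files is a heuristic byte search rather than a full parser.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")           # legacy .doc/.xls container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")         # OLE entry names are UTF-16LE

def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'no-macro' or 'not-office' for raw attachment bytes."""
    if data.startswith(OLE_MAGIC):
        # Heuristic: a VBA project stream name appears in the OLE directory.
        return "macro" if VBA_STREAM in data else "no-macro"
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "not-office"
        if "[content_types].xml" not in names:          # a zip, but not OOXML
            return "not-office"
        # Macro-enabled OOXML files carry the VBA project as vbaProject.bin,
        # whatever extension the attachment was given.
        has_vba = any(n.endswith("vbaproject.bin") for n in names)
        return "macro" if has_vba else "no-macro"
    return "not-office"

def make_ooxml(with_macro: bool) -> bytes:
    """Build a minimal OOXML-shaped zip (constructed sample, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()

def quarantine_list(attachments: dict) -> list:
    """Names of attachments that contain a macro and should be held back."""
    return sorted(n for n, d in attachments.items()
                  if classify_attachment(d) == "macro")

# Constructed sample mailbox: file name -> raw bytes.
SAMPLES = {
    "invoice.docx": make_ooxml(with_macro=True),        # macro hidden behind .docx
    "report.docx": make_ooxml(with_macro=False),
    "invoice.doc": OLE_MAGIC + b"\x00" * 64 + VBA_STREAM,
    "notes.pdf": b"%PDF-1.4 constructed",
}

if __name__ == "__main__":
    for name in quarantine_list(SAMPLES):
        print("hold for review:", name)
```

Holding such attachments at the gateway removes the step where the user is asked to enable the macro.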

The infection prompts users to buy access to the locked items. For that purpose, it covers the entire desktop with its ransom note. The same note is created in each folder. The payment is due in bitcoins and is to be made over the Tor network. That further contributes to the anonymity of the crooks behind the Cerber ransomware.

It is hard to recover the data affected by the malware. First of all, one should not rush headlong into paying the ransom demanded by the crooks. Instead, try some white hat recipes to kill the ransomware and restore readability of the most recent copies of the data hit by the malicious encryption.
