The Cerber Ransomware not only Encrypts Your Data But Also Speaks to You

The Cerber Ransomware not only Encrypts Your Data But Also Speaks to You

The IT community is trying to prevent the spread of dangerous new ransomware called Cerber that we have seen spread rapidly over the last few days. An article two days ago points out that 2016 is shaping up as the year of ransomware so this is a reminder to please be vigilant when opening attachments in emails and avoid/close any popups in your browser on uncommon or random websites that you stumble upon.

More information...

What is Ransomware?

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.

What does it do?

This week's ransomware is more dangerous than previous infections because we found that a single user on a computer network can infect the entire network including external drives and shared network hard drives within a matter of hours.

***PLEASE DO NOT open attachments from unknown senders or suspicious emails, do not click on popups on websites, and report any suspicious computer behavior to support@nero-consulting.com. ***

What happens if I get infected?

Here is the high level with my comments in bold.

  • When infected, a victim's data files will be encrypted using military grade AES encryption and will be told they need to pay a ransom of 1.24 bitcoins or ~500 USD to get their files back. (This is actually a complicated process because one needs to first convert US dollars to BitCoin)
  • Unfortunately, at this point there is no known way to decrypt a victim's encrypted files without paying a ransom (having a good backup is the only way to restore files)
  • When infected, you will see a popup telling you that your computer is infected, usually a countdown clock is displayed along with a ransom note. Newer ransomware actually speak to you with instructions. **IF THIS HAPPENS TO YOU, IMMEDIATELY DISCONNECT FROM THE INTERNET/WIFI, CALL I.T., TO STOP THE SPREAD.

What we know about Cerber

At this time we do not currently know how the Cerber ransomware is being distributed, but we know it is being offered as a service that means that it is probably a new Ransomware as a Service, or RaaS, where affiliates can join in order to distribute the ransomware, while the Cerber developers earn a commission from each ransom payment. Ransomeware is big business and it is costing businesses a lot of money and time as evidenced with last month's hospital breach.

Sources:

This message is sent on behalf of the Nero Support Team.