Yes, this is a thing now! I can’t believe I’m writing a post about the leader in Ransomware. But it is 2017 and we’re now entering the formative years of this relatively new threat…
Cerber, has been one of the most active malware families over the past year and has increased its share of the ransomware market to 87% in the first quarter of 2017. What’s significant for business’s is the fact that Cerber is primarily targeting corporate machines over home users, reports Microsoft.
The Cerber threat accounted for 70% of the ransomware market in January and has continually increased its share through February and March, amid a major decrease in the traditional Locky attacks. Malwarebytes, “Cybercrime tactics and techniques Q1 2017″ report (PDF) reads.
What is Cerber?
The Cerber Ransomware is an infection, similar to Locky, Spora, Sage and the now defunct TeslaCrypt, that is used to encrypt the victims’ files. The Cerber Ransomware adds the extension CERBER to every file it encrypts. After the Cerber has encrypted some of the files of the victim, it demands the payment of a ransom (usually by Bitcoin) in exchange for the decryption key. According to Cerber Ransomware’s ransom note, computer users have one week to pay the ransom amount before this amount is doubled.
Cerber’s sole reason for existence is to extort money illicitly from you and your business. The creators of Cerber have designed it to work as a business model for cybercriminals and is also available as a Ransomware as a Service (RaaS). What this means is that it is readily available to cybercriminals who may have little or no coding knowledge but simply a means to distribute it. What’s more, the malware features military-grade encryption, offline encrypting, and various other features that makes it attractive to the cybercriminals.
In February, we posted an article entitled “Ransomware: Common Bad Practices Are Your Biggest Threat”. In this article, we suggested a guide, we call C.U.B.E, detailing some of the steps you should take to mitigate you chances of attack.
- Communicate: with employees to develop a strategy to inform employees if a virus reaches the company network.
- Update: all software, including operating systems, antivirus software and all other applications.
- Back Up: all information every day, including information on employee devices, so you can restore encrypted data if attacked. It is strongly advised that you use an online backup service.
- Educate: staff on cyber security practices, emphasising not opening attachments or links from unknown sources.
No matter what anybody tells you, there simply is no sure-fire way to guarantee that you won’t be the victim of a ransomware attack. What you can do however is backup your data online. Online backup ensures that, should you fall victim to an attack you have a means of restoring your data quickly to guarantee, the continuity of your business. Please read our article on “Online Backup V Online Storage” for further information.
Unfortunately, ransomware is here to stay and the more we rely on the internet, the more likely we are to fall victim to cybercriminals. As I’ve said, neither IT.ie nor any IT support company can guarantee that you won’t fall victim to attack. What we can do is advise you and support you with the very latest weapons available to fight cybercrime. I strongly urge you to implement the C.U.B.E system and if you don’t already have online backup, get it now!