Cerber Ransomware

So the newest threat to your computer files is called Cerber. The name comes from the extension the attackers put on your files after they have been encrypted. For example, mynovel.doc becomes mynovel.cerber. Once this happens, there is no way for you to access the file. Even if you rename it back to mynovel.doc, the contents are still encrypted and you cannot read it until it is decrypted. How do you decrypt it? Well, you probably don’t. It’s gone; it’s lost. You might as well delete it. The attackers hold your files for ransom. If you pay, you may get a decryption key and instructions, or you may just lose your money in addition to your files.

One of the big issues with Cerber is which files it chooses to encrypt. It leaves your Windows system files, and a few other things, alone: the attacker does not want to disable your ability to pay up. The point is to give you an incentive to pay. The truly scary part of Cerber for me is that it includes attached backup drives and network drives in the attack. I have a single backup drive and a network drive which are always attached or available on my PCs. If I lose them, well, you know…I’m ________!

What can you do?

  1. Install Malwarebytes’ Anti-Ransomware: the software is in beta but has successfully stopped ransomware attacks in testing. I have been running it about a week now with no ill effects to my system performance. The only thing this software does is stop any process attempting to encrypt a file. You can tell it to exclude certain things if you purposely encrypt some things on your machine. It can be downloaded here: Malwarebytes Anti-Ransomware.
  2. If you hear the following, immediately close your browser window and do whatever you do when you want assistance from a higher power: Attention! Attention! Attention! “Your documents, photos, databases and other important files have been encrypted!” I have heard this once already and my PC was unscathed after immediately closing my browser window. It may have been a copycat audio file, or Cerber may not have had time to download everything it needed to execute.
  3. Disconnect your backup drive from your PC except during scheduled backups. You can also get a second backup drive and switch them out weekly. If you don’t perform backups regularly, go get yourself an external drive and make a backup of all those important family photos. In addition, you could look into Google Drive or Office 365, BUT do not install the local sync software on your machine. Why? As soon as ransomware encrypts the local files, the sync software will start making those same changes in your cloud drive. Not a good thing!
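As an added example (not part of the original post), here is a small Python pre-backup guard that refuses to run a backup or sync when the source folder already shows signs of Cerber encryption, which catches the problem from item 3 of a sync job copying encrypted files over good copies. It checks for the .cerber extension named above and also for ciphertext-like byte entropy, since renaming an encrypted file back to .doc does not make it readable; the entropy cut-off and sample size are assumptions, and `guard_backup` / `run_backup` are hypothetical names for wherever your backup job is invoked.

```python
import math
import os
from collections import Counter

CERBER_EXT = ".cerber"    # extension Cerber appends, per the post
ENTROPY_LIMIT = 7.98      # assumed cut-off in bits/byte; ciphertext nears 8.0
SAMPLE_BYTES = 65536      # bytes read from the head of each file

def shannon_entropy(data):
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(name, sample):
    """Flag a file by its extension or by ciphertext-like entropy.
    Compressed formats (zip, jpg, docx) also score high, so a hit means
    pause and inspect, not proof of encryption."""
    if name.lower().endswith(CERBER_EXT):
        return True
    return shannon_entropy(sample) >= ENTROPY_LIMIT

def assess_tree(root):
    """Walk root and return (total_files, suspicious_paths)."""
    total, suspicious = 0, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            total += 1
            try:
                with open(path, "rb") as fh:
                    sample = fh.read(SAMPLE_BYTES)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if looks_encrypted(name, sample):
                suspicious.append(path)
    return total, suspicious

def guard_backup(root, run_backup, max_suspicious=0):
    """Call run_backup(root) only when the tree passes the check; otherwise
    leave the existing backup untouched. Returns (ran, suspicious_paths)."""
    _total, suspicious = assess_tree(root)
    if len(suspicious) > max_suspicious:
        return False, suspicious
    run_backup(root)
    return True, suspicious
```

Wire `guard_backup` in front of your scheduled backup command and alert on a `False` result; the list of suspicious paths tells you where to look first.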

For more information and a description of the Cerber attack, these links are helpful:

https://blogs.technet.microsoft.com/mmpc/2016/03/09/the-three-heads-of-the-cerberus-like-cerber-ransomware/

https://blog.fortinet.com/2016/05/26/cerber-ransomware-marks-its-presence-in-the-wild-catches-up-with-cryptowall-and-locky