Standard Office Systems Blog

Cerber Ransomware Removal: Analysis, Fixes and Best Practices

Written by Daniel Gray | 8/2/18 3:26 PM

RANSOMWARE | 10 MIN READ

Cerber is one of the most common variants of ransomware plaguing the internet, today. In this article, we will discuss in detail what it is, where it comes from, what it does, and finally, how to prevent an attack, including what to do if you are attacked.

READ: How Does Ransomware Work?

Don't have 10 minutes? Skip: Cerber Ransomware Fixes

What is Cerber Ransomware?

Although it is difficult to confirm, many believe that Cerber originated out of Russia in 2016 (or at least that area of the world). It attacks have been targets outside of the former Soviet Union and tend to thrive as a popular tool that is purchased through Russian forums on the dark web (spooky stuff).

Cerber is different than traditional ransomware because it employs a distribution technique that permits the malware to be hired by criminal hackers. This hacking innovation is popularly referred to as Ransomware as a Service (RaaS) and is much more challenging to track and stop because it isn't connected to a single source.

As I mentioned, this makes Cerber much harder to stop, and if that wasn’t enough, the developers of Cerber designed it so that it can continue to work offline  - not connected to the internet - once it has been uploaded to a victim’s computer.

The result of a Cerber attack? A ransom message that looks like the one below on a victim’s desktop or encrypted files. The message is simple: pay the requested ransom or your encrypted data and files will be destroyed.

 

How Does Cerber Ransomware Work?

Like traditional ransomware, Cerber uses phishing techniques to infiltrate a network or computer. In a nutshell, phishing techniques are fraudulent attempts by a hacker to gain a victim’s trust and encourage them to click on a link embedded in an email that contains malicious software. This is a popular form of social engineering.

READ: What is Social Engineering?

Once a victim inadvertently downloads Cerber, their files are encrypted (utilizing RC4 and RSA algorithms), and a ransom is demanded. At that point, the customer must make some tough decisions that will be discussed later in this article.



The picture above is an example of what a Cerber attack can look like. If you see this message on your desktop or instead of a file, you've become a Cerber ransomware victim.

How Effective is Cerber Ransomware?

Cerber must be doing its job correctly. Estimates claim that Cerber generated $2.3 million from victim’s, starting in 2016 alone. Cerber targets Windows users because PCs are still the most popular personal computing choice on the market.

150,000 Windows users were affected in a single year! The more alarming statistic – that number was generated through a mere 161 Cerber ransomware efforts.

Cerber has become a popular tool for criminals because it gives them an almost certain payday with little work on their part (the criminal hiring the hacker usually receives around 60% of the ransom).

The gain for the hacker is a reduced risk of being caught and multiple criminal employees to do their bidding. It becomes a win-win for all involved.

 

Cerber Ransomware Fixes

There is good news and bad news. The bad news is that if you are currently experiencing a Cerber attack, there isn’t much that can be done. But keep reading and I’ll offer some advice.

I know what you’re thinking: can’t I just delete the Cerber file? It’s true, the Cerber file could be deleted, but unfortunately, it's gotten more complicated than that.

When Cerber first came on the scene, the file was labeled with a .cerber extension. Now, the file is uploaded with a random file extension (think of it as the computer equivalent of the common cold).

If you have been unfortunately attacked by this nasty form of malware, you have two decisions that you can make. You can pay the ransom (read about ransomware statistics in our “How Does Ransomware Work?” article) or you can decide that the data is not that valuable and you are fine with not having it returned.

Be careful with either decision, though. If you choose to pay, remember that you've likely become a customer for life. Whenever the criminal who attacked you needs a new car, for instance, you will likely be hit by more ransomware.

Remember, they said they would return your data, not that they would remove the ransomware, and now they know you are willing to pay for that information.

If you choose the second option and decide that you will not negotiate with hackers, make sure that information is not sensitive to individuals (social security numbers, financial statements, home addresses, phone numbers, etc).

In this case, the hacker may not destroy the information, but sell it to the highest bidder on the dark web. Criminals will pay a high price for sensitive information because they can use it to register for credit cards, take out loans and create fake IDs in the victims' names.

This popular saying couldn’t be any truer for this situation. If you truly want to protect yourself from a Cerber ransomware attack, then you need to put the piece in place to do that. This may mean employing the services of a managed IT services provider or beefing up your in-house IT support.

Ultimately, you need a solution that is going to stay current on all the threats of today’s digitally connected world. Other options can include data insurance, data back-up and disaster recovery, or a more robust antivirus solution.

At SOS, we employ a system for our customers through our partners at SophosTM called Intercept X. This allows our customers to rest easy knowing that their personal information is secure under lock and key.

It is my hope that you weren’t searching for this article because you need help removing Cerber ransomware. But if you do need help, there are options for you, and consulting a trusted managed services company is the first step toward receiving the assistance your company requires.

Want to Learn More About Computer Threats?
How Does Ransomware Work?
What is Social Engineering?
Network Security Threats of 2018 - and Solutions to Avoid Them
Phishing Tips - A Simple Guide to Avoid Malicious Emails
Cyber Security Solutions: Best Practices for Business