Cerberos Ransomware
Posted: April 11, 2017
Threat Metric
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 61 |
| First Seen: | April 11, 2017 |
| OS(es) Affected: | Windows |
The Cerberos Ransomware is a Trojan that can encrypt your files and create pop-ups with its ransom demands, such as contacting an e-mail address or transferring Bitcoins. Using backups can keep your local media safe from attacks like the Cerberos Ransomware's payload, and following its instructions may not give you a decryptor. Use anti-malware products to delete the Cerberos Ransomware after it attacks your PC or, preferably, before it finishes installing itself.
Put-Down Hounds Growing New Heads for Barking
While the Cerber Ransomware is, without a doubt, the most publicized reference in the threat industry to Greek mythology's Cerberus, some other threat actors appear interested in taking the name. The same group responsible for the CyberSplitter Vbs Ransomware has modernized their attacks with a new Trojan, the Cerberos Ransomware. In spite of the similar brand names between the Cerberos Ransomware and the infamous Cerber Ransomware, malware analysts are determining that the two file-encrypting Trojans share no significant code in common.
However, the Cerberos Ransomware still does deploy harmful encryption as its most important feature. After enumerating your local drives and searching for files such as Word documents or BMP images, the Cerberos Ransomware encrypts and locks them. Symptoms you also may identify afterward include:
- The Cerberos Ransomware may make changes to the filenames of any encoded content, including removing an old extension or adding a new one.
- The desktop's wallpaper image may be hijacked and reset to one of the Cerberos Ransomware's choice.
The Cerberos Ransomware completes its attack with a pop-up window recommending that you contact the threat actor's e-mail address for help. For nearly every file-encrypting Trojan attack, malware experts connect such communications with delayed ransom negotiations. Would-be extortionists may claim, either legitimately or falsely, to give you a decryptor download link or key, which they sell after a transferal of a non-refundable currency such as Bitcoin.
Ensuring that an Underworld Dog's Profits Stay Buried
The Cerberos Ransomware represents an odd change in direction for the ransom-collecting operations of its authors. Although the so-called 'Cyber SpLiTTer Vbs Team' has been using screen-locking pop-ups with built-in paying mechanisms for their previous Trojans, the Cerberos Ransomware reverts to nothing more than providing a Gmail account for the victim to contact. This obfuscated means of ransoming a victim's files could indicate that the threat actors want to negotiate a currency without having examples from past attacks for open comparison.
Whether their motives for the change are straightforward or not, the Cerberos Ransomware can endanger any files on your computer through attacks that may not be reversible. PC users with concerns about the potential lack of a decryption tool should protect their drives by backing them up to either a local storage device or a password-protected server. As of their last analyses, malware experts find that the Cerberos Ransomware displays poor self-defense against its detection and removal by any standard anti-malware program.
As new solutions come out for de-fanging old Trojans, threat actors have to continue developing updates or new products for their unwilling 'market.' Readers can only hope that the Cyber Splitter team will keep failing to impress with comparatively low-key efforts like the Cerberos Ransomware.
Technical Details
File System Modifications
The following files were created in the system:
file.exe
File name: file.exe
Size: 56.32 KB (56320 bytes)
MD5: 7ed0b77353e094d9a1042769a78ef6a0
Detection count: 84
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: April 11, 2017