Cerber Ransomware Encrypts Files, Kills Database Process Servers

You May know Cerberus frequently called the "dog of Hel", a monstrous multi-headed dog only in this case, Cerber is one nasty ransomware locking files and making it hard for victims to recoup their data.

Lately, we have been hearing a whole sle and quite often roughly the Cerber ransomware, which so far has tested to personify this twelvemonth's most prevalent ransomware family. Reportedly, Cerber ransomware accounted for over single-poop of the total ransomware detections in the past three months and has generated $2.3 million yearbook revenue.

Now, we hear that this particular ransomware has get on even more powerful with its improved key multiplication back in Revered and the capacity of using random extensions for encrypted documents. Still, the most devastating of them all is that the latest translation of Cerber ransomware arse kill database servers' processes with these enhanced capabilities. It is titled Cerber 3.0 while the extension it uses for encrypted documents is dubbed as .cerber3.

MUST READ: HOW TO SECURE CYBER-INFRASTRUCTURE FROM RANSOMWARE?

Bleeping Computer reports that the ransomware can kill some database processes through the airless process directing salute in its configuration file. The ransomware terminates wholly or some of the processes prior to starting the information encoding appendage. This fashio, it nates encrypt data files of the processes as well since the file wouldn't be available for encoding if the process was active.

Previously, Cerber was distributed via exploit kits, malware scams and spam emails. From September onwards, researchers have noticed a change in its distribution trend. It is nowadays being distributed by Betabot. In its latest version, the ransom money amount has been minimized and the ransom note has also been qualified but even in this version, the victims are contacted via an audio frequency file cabinet.

The Cerber 3.0 uses a four-character telephone extension now, which is randomly generated and the encrypted single file's name is also disorganised to make data recovery really difficult if not unfeasible. Moreover, the redeem note is dubbed as README.hta.

MUST READ: 7 CASES WHEN VICTIMS PAID RANSOM TO Give up CYBER ATTACKS

The list of the processes targeted by Cerber 3.0 is as follows:

"msftesql.exe, sqlagent.exe, sqlbrowser.exe, sqlservr.exe, sqlwriter.exe, prophet.exe, ocssd.exe, dbsnmp.exe, synctime.exe, mydesktopqos.exe, agntsvc.exeisqlplussvc.exe, xfssvccon.exe, mydesktopservice.exe, ocautoupds.exe, agntsvc.exeagntsvc.exe, agntsvc.exeencsvc.exe, firefoxconfig.exe, tbirdconfig.exe, ocomm.exe, mysqld.exe, mysqld-nt.exe, mysqld-opt.exe, dbeng50.exe, andsqbcoreservice.exe."

#Cerber #Ransomware mixing things up? Seeing "README.hta" (goes to legit Cerber page), with haphazard 4char ext, e.g. ".98a0", ".a37b", ".a563" pic.twitter.com/5qJMkHbCLL

— Michael Gillespie (@demonslay335) October 2, 2016

Readme.hta File of Cerber Ransomware / Image Beginning: Twitter

Suchlike to its previous versions, the new Cerber ransomware reading also sends UDP packets to the 31.184.234.0/23 range.

I am an Electronic Organize, an Android Game Developer and a Tech writer. I am into music, snooker and my life catchword is 'Do my best, so that I can't blame myself for all the world.'

Source: https://www.hackread.com/cerber-ransomware-encrypts-files-kills-database/

Posted by: lainezdrinnera76.blogspot.com

Share this post