Monday , 22 October 2018
Martin Beltov, Cybersecurity expert
The Cerber Ransomware Family Has Evolved And Mutated

The Cerber family of ransomware has recently been updated with new features. Yesterday's new 4.1.0 and 4.1.1 iterations of the dangerous virus have proved that the computer criminals are not going to stop devising new ways to infect as many targets as possible.

The New Cerber Variants Are Upon Us

A new wave of malware threats has been identified by security researchers worldwide. Unfortunately the first analyses confirmed our fears: the newly identified ransomware variants are the newest updates of the Cerber ransomware. As the new code is still under active investigation, we do not yet know how many targets the new Cerber variants have compromised. We do know, however, that their capabilities are numerous, and the targeted victims can only hope that they have adequate defensive measures against such ransomware.

But why worry so much about two new malware strains when there are many other security dangers that can potentially cause much more damage? The problem lies in the Cerber family of malware itself: these are among the most active and aggressive types of ransomware. Computer criminals utilize them in numerous intrusion campaigns, and Cerber has been the cause of several million US dollars of damage inflicted on big business corporations, small and medium businesses and individual users alike.

The new Cerber iterations, which carry the version numbers 4.1 and 4.1.1, use different tactics to infect as many computers as possible.

Cerber 4.1 Is Truly Scary

Cerber 4.1 is a major update to the Cerber code. The virus encrypts target user files and renames the affected data with a random four-character extension based on a Windows registry value called "MachineGuid". This is actually the compromised machine's unique identification number.
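
The mass-rename behaviour described above leaves a recognisable trace: many files under one user profile suddenly share the same unknown four-character extension. The triage helper below, an added example that is not code from the article or from any vendor, flags that pattern in a file listing; the extension value "a1b2", the sample paths and the threshold of five files are constructed for the demonstration, and the known-good extension list is an assumption to be extended per environment.

```python
import re
from collections import Counter
from pathlib import PurePosixPath

# Four-character extensions that are common in normal use and must not trigger an alert.
# Assumption for this example: extend this set for the environment being triaged.
KNOWN_FOUR_CHAR_EXTS = {
    "docx", "xlsx", "pptx", "jpeg", "html", "json", "yaml", "java", "tiff", "webp",
}

# The page describes an extension of four random characters; this pattern matches that shape.
FOUR_CHAR_EXT = re.compile(r"^[a-z0-9]{4}$")


def extension_of(path):
    """Return the lower-cased final extension of a path (Windows or POSIX separators), or ''."""
    return PurePosixPath(path.replace("\\", "/")).suffix.lower().lstrip(".")


def suspicious_extensions(paths, min_files=5, known=KNOWN_FOUR_CHAR_EXTS):
    """Count files per unknown four-character extension and return those seen on at
    least min_files files. One unknown extension spread across many files is the
    mass-rename footprint an encryption pass leaves behind."""
    counts = Counter(
        ext for ext in map(extension_of, paths)
        if FOUR_CHAR_EXT.match(ext) and ext not in known
    )
    return {ext: n for ext, n in counts.items() if n >= min_files}


# Constructed sample listing: six files renamed with one unknown extension ("a1b2" is a
# made-up value, not a real Cerber indicator), mixed with ordinary documents.
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\budget.xlsx.a1b2",
    r"C:\Users\alice\Documents\report.docx.a1b2",
    r"C:\Users\alice\Documents\notes.txt.a1b2",
    r"C:\Users\alice\Pictures\holiday.jpeg.a1b2",
    r"C:\Users\alice\Pictures\family.jpeg.a1b2",
    r"C:\Users\alice\Desktop\todo.txt.a1b2",
    r"C:\Users\alice\Documents\old.docx",
    r"C:\Users\alice\Documents\cv.docx",
    r"C:\Users\alice\Pictures\cat.jpeg",
    r"C:\Users\alice\Downloads\setup.exe",
    r"C:\Users\alice\Downloads\readme",
]

if __name__ == "__main__":
    for ext, n in suspicious_extensions(SAMPLE_PATHS).items():
        print(f"ALERT: {n} files now end in .{ext}; check for a mass-rename/encryption event")
```

Run it against a directory walk or a backup catalogue listing; the threshold should be tuned so that a handful of oddly named files does not page anyone, while a profile-wide rename does.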

One of the key new features of the new iteration is that this threat was developed with optimization in mind. The Cerber 4.1 ransomware is faster and much more effective than previous versions. The malware samples were identified in live attacks. This means that the hackers are actively using the Cerber 4.1 ransomware in coordinated campaigns, usually via the typical distribution methods of the malware family: spam email messages and malicious links. If you would like to learn more about the virus and access specific removal instructions click here.

And About The Cerber 4.1.1 Code

A variant of Cerber 4.1 was released at the same time, bearing the version number 4.1.1. The security engineers who are investigating the threat have discovered how the first attacks are carried out. The ransomware code is delivered in a payload, usually an infected or counterfeit program that has been downloaded from a hijacked, untrusted or criminal web site or a P2P network like BitTorrent. The virus shows a wide range of features: it can access and modify the Windows Registry and the Windows Clipboard and manipulate running services and programs. A very strong cryptographic cipher is used to compromise the target user files.

To further extort money from the victims, the hackers have used a very successful tactic: they demonstrate the effectiveness of the decryption key by allowing the victims to restore one file of their choice for free. This has a psychological impact on the computer owners:

  1. The hackers prove that by paying the ransom fee the users will get their data recovered.
  2. The criminal operators of the Cerber ransomware try to discredit the anti-spyware and anti-virus solutions by deceiving the users that they do not work. In fact the Cerber family is one of the most popular threats and most solutions can help the users deal with the infection.
  3. The hackers pretend to offer convenience while in fact not every user would be comfortable to use the payment gateway and transfer money in the Bitcoin crypto currency.

The lead tactic of the criminals is to gain the trust of the victims. The evolution of ransomware shows that every successful ransomware family relies on two factors: efficient distribution and payment coercion. The users are made to pay the ransom fees because they are led to believe that this is the only way of recovering their files. In fact they are quite wrong. For more information about this specific threat and removal instructions click here.

The Future Is Not Bright

Unfortunately the two new ransomware samples were expected. We knew that sooner or later new Cerber attacks would be unleashed. However, the immediate spread of two updated samples caught researchers by surprise. By all appearances the hackers are becoming more aggressive with every new move.

We remind you that the two Cerber variants were found in live malware attacks, and code analysis had to be performed to investigate the threats. Ransomware is just part of the trouble; do note that botnets are one of the other major concerns for security experts. The massive Dyn attack was caused by Mirai, one of the largest malicious networks.

We regret to conclude that the future is not very bright at all. Let’s just hope that security experts, vendors and manufacturers will provide adequate measures to prevent such large attacks from ever happening again.

Martin Beltov graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast, he enjoys writing about the latest threats and mechanisms of intrusion. He mainly contributes to the Best Security Search website.

About Lara Lackie

Lara Lackie is a reporter for The IT Security Guru.