Authorities believe that the cybercriminals behind worldwide Cerber Ransomware distribution campaigns are expanding their operations, with a significant spike in Cerber Ransomware campaigns being observed near the end of 2016. The number of Cerber Ransomware distribution campaigns that are active across the globe is steadily increasing as the first quarter of 2017 comes to a close, which indicates that there is currently no end in sight for the menace that is Cerber Ransomware, even in 2017.
Cerber is a fairly new breed of Ransomware that encrypts all the data on any computer it infects, informs the user of the encryption and extorts a considerable amount of money out of the user in exchange for the decryption program and decryption key capable of decrypting their data. Different Cerber Ransomware distribution campaigns deploy different variants of Cerber, but all variants are confirmed to encrypt user data and get users to pay a hefty sum of money in exchange for decryption.
At this time, the most common method of Cerber Ransomware distribution involves the perpetrators sending the victim-to-be an email containing a .ZIP file as an attachment under a ruse (such as the delivery of a product they purchased online). When the victim unzips the attached file, the document files inside start running malicious macro code (which is actually a Trojan downloader) that proceeds to download and execute Cerber. Once the macro code succeeds and Cerber is executed on the victim’s computer, the Ransomware encrypts all of the user’s data and the user sees a notice on their screen informing them of the encryption.
After analyzing telemetry data from Windows Defender, Microsoft has determined that the perpetrators behind the recent rise in Cerber Ransomware attacks are predominantly targeting Asian and European countries, with a few countries in North America, Africa and South America also being targeted. The map below represents the findings of Microsoft’s examination of the Windows Defender telemetry data.
According to Microsoft, Windows 10 and Windows Defender have security technologies capable of successfully detecting and dealing with almost all variants of Cerber Ransomware, with coverage for additional variants of the Ransomware being added as countermeasures for them are developed. If you are using Windows 10 and have Windows Defender as your primary line of defense against threats to your computer, keep your computer up to date and be especially keen on installing any and all definition updates for Windows Defender that come your way. Your computer and Windows Defender will only be able to deal with Cerber if you keep them up to date and they have all the tools they need.
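As an added example (not code from Microsoft or from the original article), the following Python triages a ZIP attachment of the kind used in the delivery method described above and reports which members are Office documents carrying macros. The function names, the size cap and the sample archive are assumptions constructed for illustration, and the legacy-document check is a byte-pattern heuristic rather than a full OLE parse.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # legacy .doc/.xls container signature
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # stream name found in an OLE VBA storage
MAX_MEMBER = 20 * 1024 * 1024                    # assumed cap: do not unpack huge members

def macro_findings(zip_bytes):
    """Map each member of a ZIP attachment that warrants review to the reason it was flagged."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # password-protected member: contents are opaque
                findings[info.filename] = "encrypted member, cannot inspect"
                continue
            if info.file_size > MAX_MEMBER:
                findings[info.filename] = "too large to inspect"
                continue
            data = archive.read(info)
            if data.startswith(OLE_MAGIC) and VBA_STREAM in data:
                findings[info.filename] = "legacy Office document with VBA storage"
            elif zipfile.is_zipfile(io.BytesIO(data)):
                # OOXML documents are ZIPs; macros live in a vbaProject.bin part
                with zipfile.ZipFile(io.BytesIO(data)) as doc:
                    if any(p.lower().endswith("vbaproject.bin") for p in doc.namelist()):
                        findings[info.filename] = "OOXML document with VBA project"
    return findings

def build_sample():
    """Constructed sample attachment: one plain file and two macro-bearing stand-ins."""
    ooxml = io.BytesIO()
    with zipfile.ZipFile(ooxml, "w") as doc:
        doc.writestr("[Content_Types].xml", "<Types/>")
        doc.writestr("word/vbaProject.bin", b"constructed placeholder")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", "order details")
        z.writestr("invoice.docm", ooxml.getvalue())
        z.writestr("receipt.doc", OLE_MAGIC + b"\x00" * 64 + VBA_STREAM)
    return outer.getvalue()

if __name__ == "__main__":
    for name, reason in macro_findings(build_sample()).items():
        print(f"{name}: {reason}")
```

A mail gateway or analyst script could quarantine any attachment for which `macro_findings` returns a non-empty result, including encrypted members that cannot be inspected.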