So far, it has been difficult to assess what happens to the data encrypted by the known ransomware variants. Most communicate with command servers and send over encrypted information. There is a possibility that victims’ data is exfiltrated to the attackers’ server, but in many cases this has not been confirmed by experts. There is no other known ransomware implementing targeted functionality to exfiltrate data or steal certain information (like passwords).
This new variant of Cerber ransomware, in addition to encrypting user files as its predecessor did, also attempts to steal specific information from the target machine:
Successful attacks give cybercriminals a chance to profit from the ransom paid by victims to unlock their data, and augment those earnings if both Bitcoin wallet information and the associated passwords are successfully stolen. There is a lot of information that can be taken from a user profile on a computer. The above is just an example, but attackers may target other applications or security subsystems to gain access to databases or servers based on password hashes or client applications on the victims’ machines.
The best protection against ransomware infections consists of a multilayered security strategy involving antivirus and anti-ransomware technology combined with security training to increase the awareness about how ransomware infects a machine and what to do to avoid being a victim.
Please read our article on how to protect against ransomware.
Cybercriminals realize that the most important trait of ransomware, the difficulty of detecting it, can be successfully combined with old malware functionality to steal data, use the PC for malicious purposes or add worm-like capabilities for spreading horizontally. Soon, we are likely to see many such combinations where ransomware adds one or more of the capabilities above: a “WannaCry” that also steals data while spreading like a worm, or a “Locky” that uses victims’ machines to carry out DDoS attacks. This is likely to be the main development direction for ransomware and the slow death of generic malware (the classic computer virus) as we used to know it three years ago.
Our dedicated solution, TEMASOFT Ranstop, is anti-ransomware software that detects present and future ransomware with a high degree of accuracy, based on file access pattern analysis. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss. TEMASOFT Ranstop is at the core of any multi-layered security strategy designed to protect against ransomware. Learn more about how TEMASOFT helps customers protect against Cerber ransomware.
This post was last modified on August 21, 2023 7:27 am