
Posted


 

Cerber, the latest ransomware threat, doesn’t just encrypt all of your files: it also tells you about it, out loud, and repeatedly.

It’s like something out of a 90s hacker movie, except this isn’t fake: your files really are all gone until you pay up.

 

“Attention! Attention! Attention!” is what infected computers will say to their users, using the text-to-speech engine built into Windows. “Your documents, photos, databases, and other files have been encrypted!”

 

Cerber is the latest in a long line of similar attacks, but is unique in a few ways, including the bizarre voice.

 

Cerber’s modus operandi is outlined in a blog post by Lawrence Abrams of security blog BleepingComputer, which explains that copies of the ransomware are reportedly available for sale on an underground Russian hacker forum. Essentially, this is a franchise model: would-be hackers can use the ransomware, but the original creator also gets a cut.

 

When the malware spreads to a new machine, it first checks to see if that computer is inside particular countries including Russia and a number of former Soviet bloc nations.

If the laptop is within those borders, the malware won’t do anything.

 

Then Cerber sets the computer to start in safe mode after the next reboot, and allows itself to run constantly: at boot, as the computer’s screensaver, and every minute just for good measure.

 

After a few forced reboots, Cerber will scan your computer for certain filetypes including Office documents, photos, PDFs, music, and most other common filetypes, and encrypt them with the near-uncrackable AES-256 algorithm.

Cerber can also scan the network for Windows shares, and encrypt files on those machines as well.

 

Once the ransomware finishes encrypting files, it starts announcing its presence. HTML and TXT files in each encrypted folder explain what has happened, and direct users to install TOR and visit a particular page in order to pay up.

For $500, victims can regain access to their files.

The VBS files, meanwhile, trigger the aforementioned audio announcement.

 

There’s currently no way to decrypt the files for free, which means users who really want access to their files are likely to pay up.

 

If you want to keep yourself safe from threats like this, make sure you have an up-to-date anti-malware application, use common sense while browsing, and make sure you keep backups of all your files.

 

 

Source:

http://www.digitaltrends.com/computing/cerber-ransomware-creepy-voice-encrypted-files/

 

Also see:

http://www.bleepingcomputer.com/news/security/the-cerber-ransomware-not-only-encrypts-your-data-but-also-speaks-to-you/
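
An added example, not part of the original post or the linked articles: a Python triage check for the ransom-note pattern the article describes, where HTML, TXT and VBS files are dropped into each encrypted folder. The file name `NOTE_PLACEHOLDER`, the sample tree and the `min_dirs` threshold are constructed assumptions, since the page does not give the real note names.

```python
import os
import tempfile
from collections import defaultdict

NOTE_EXTS = {".html", ".txt", ".vbs"}  # note file types named in the article


def repeated_notes(root, min_dirs=3):
    """Map each HTML/TXT/VBS file name to the folders holding it, keeping
    only names that recur in at least min_dirs folders."""
    seen = defaultdict(set)
    for dirpath, _subdirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in NOTE_EXTS:
                seen[name.lower()].add(dirpath)
    return {n: sorted(d) for n, d in seen.items() if len(d) >= min_dirs}


def affected_folders(root, min_dirs=3):
    """Folders that hold a recurring note of all three types. Requiring the
    full HTML+TXT+VBS set filters out ordinary repeats such as readme.txt."""
    types_in_dir = defaultdict(set)
    for name, dirs in repeated_notes(root, min_dirs).items():
        ext = os.path.splitext(name)[1]  # name is already lower-cased
        for d in dirs:
            types_in_dir[d].add(ext)
    return sorted(d for d, exts in types_in_dir.items() if exts == NOTE_EXTS)


def build_sample_tree(base):
    """Constructed test data: three folders with a placeholder note set,
    plus benign folders that only share a readme.txt."""
    note = ["NOTE_PLACEHOLDER" + ext for ext in sorted(NOTE_EXTS)]
    layout = {
        "docs": note + ["readme.txt"],
        "photos": note,
        "music": note + ["readme.txt"],
        "tools": ["readme.txt", "index.html", "backup.vbs"],
        "src": ["readme.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in names:
            open(os.path.join(base, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder in affected_folders(tmp):
            print("recurring HTML+TXT+VBS note set in:", folder)
```

Run against a file share or backup source, a non-empty result is a reason to stop the next backup job before it overwrites clean versions.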


  • FPCH Admin
Posted
My daughter just called me about her girlfriend's computer with something much like this.

~I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant.~

~~Robert McCloskey~~

  • FPCH Staff
Posted

Anyone know if it infects network drives that may be accessible by the computer? How about attached drives?

 

How about cloud backups like Carbonite? I assume that local encrypted files will be backed up to services like Carbonite. I read somewhere that Carbonite keeps 12 versions of your files. So you could go back to the previous version of your files. You know, the ones that were there before the ransomware hit. However, I'm not sure of this.

Posted
The only sure way I think to beat these crims is to have regular backups/clones of your OS on another drive and NOT hooked up.

What do you think? Pete.

Definitely Dougie.

But this is probably easier for home users to do... but not as easy for businesses.

 

Anyone know if it infects network drives that may be accessible by the computer? How about attached drives?

The BC article states:

If the network setting is set to 1 in the configuration file, then Cerber will search for and encrypt any accessible network shares on your network, even if those shares are not mapped to the computer.

 

How about cloud backups like Carbonite?

I wouldn't take it for granted that any cloud backups would be safe.

 

Ransomware a Threat to Cloud Services, Too
