Of all the crooked money-minting methods hackers use, the most common is ransomware.
It’s malware delivered via infected email attachments, hacked websites, etc., which encrypts files on your computers and renders them useless. The
Cyber-criminals make millions of dollars from ransomware. Several organizations around the world have been badly hit by
My laptop recently got infected by one of the latest versions of this
Here’s what it does.
The malware encrypts users' files using AES encryption and demands that victims pay a ransom of 1.24 Bitcoins, or approximately $500 (Rs.33k).
It was silly of me to download and install what seemed an interesting free software, and I sealed my fate. You’ve been warned.
Interestingly, I hear Cerber checks if the victim is from a particular country. If the computer appears to be from any of the following countries, it will terminate itself and not encrypt the computer.
Armenia, Azerbaijan, Belarus, Georgia, Kyrgyzstan, Kazakhstan, Moldova, Russia, Turkmenistan, Tajikistan, Ukraine, Uzbekistan
If the victim is not from one of the above countries, which I’m not, Cerber installs itself in the %AppData%\{2ED2A2FE-872C-D4A0-17AC-E301404F1CBA}\ folder and names itself after a random Windows executable. It restarts the computer soon after, and the ransomware begins wreaking havoc with my files, encrypting each document's filename and adding a .CERBER extension to it.
When encrypting your data, Cerber scans your drive letters for any files that match its list of over 50 file extensions. When it finds a match, it encrypts the file using AES-256 encryption, encrypts the file's name, and adds a .CERBER extension to it. So your file Office_Presentation.doc may be renamed as Zu0ITC4HoQ.cerber.
The worst is yet to come. Cerber creates 3 ransom notes on your desktop, and in every folder it has attacked. These files are called # DECRYPT MY FILES #.html, # DECRYPT MY FILES #.txt, and # DECRYPT MY FILES #.vbs. These ransom notes have threats and instructions on what has happened to your data, and every single one has links to the Tor decryption service where you can make the ransom payment and retrieve the decryptor.
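A triage sketch for the indicators described above, added here as an example and not part of the original post: it walks a folder tree and reports every folder that holds one of the three ransom-note filenames or a file with the .cerber extension. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Indicators taken from the description above (compared case-insensitively).
RANSOM_NOTES = {
    "# decrypt my files #.html",
    "# decrypt my files #.txt",
    "# decrypt my files #.vbs",
}
ENCRYPTED_EXT = ".cerber"

def scan_tree(root):
    """Return {folder: {"notes": [...], "encrypted": [...]}} for folders with a hit."""
    hits = defaultdict(lambda: {"notes": [], "encrypted": []})
    for folder, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()  # the post shows both .CERBER and .cerber
            if lowered in RANSOM_NOTES:
                hits[folder]["notes"].append(name)
            elif lowered.endswith(ENCRYPTED_EXT):
                hits[folder]["encrypted"].append(name)
    return dict(hits)

def summarize(hits):
    """Count affected folders, renamed files and ransom notes."""
    return {
        "folders": len(hits),
        "encrypted_files": sum(len(h["encrypted"]) for h in hits.values()),
        "ransom_notes": sum(len(h["notes"]) for h in hits.values()),
    }

def build_sample_tree(root):
    """Constructed sample data: one clean folder and one that looks attacked."""
    for rel in ("clean/notes.txt",
                "docs/Zu0ITC4HoQ.cerber",
                "docs/# DECRYPT MY FILES #.txt",
                "docs/# DECRYPT MY FILES #.vbs"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()  # empty placeholder files only

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found = scan_tree(tmp)
        for folder, hit in sorted(found.items()):
            print(folder, hit)
        print(summarize(found))
```

Pointing `scan_tree` at a user profile or a mounted backup shows which folders were touched, which helps decide what to restore from backup.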
At the end of each ransom note there’s this Latin quote:
Quod me non necat me fortiorem facit
- Cerber Ransom Note
In English, this translates to ‘That which does not kill me makes me stronger’. That made my blood boil.
Anyway, Cerber is special compared to other ‘unsophisticated’ malware out there. The # DECRYPT MY FILES #.vbs file contains VBScript, which will cause the victim's computer to speak to them. You heard me right!
My attacker spoke to me via an automated message that says this: