The Cerber family of ransomware, a type of malware that encrypts documents on your computer, is now even harder to detect. The cybercriminals behind Cerber have reengineered it to evade security by creating a new method of loading that fools systems with machine learning capabilities.
As with most ransomware, Cerber infects potential victims through a socially engineered email that tricks people with compelling wording. The standard delivery method is an email that contains a link to a self-loading archive. When the link is clicked it installs the ransomware. Two of the Cerber files are standard installer-type files, but the third file contains a new script that can evade cybersecurity.
Cerber ransomware checks for virtual machines, sandboxes (secure environments for loading/running suspicious software), analysis tools that can catch malicious software, and whether any applications are installed from top security vendors (such as Trend Micro, Kaspersky and BitDefender). If the ransomware loader detects any of these, the malware automatically stops running, thereby avoiding detection. Since the new Cerber variant stops itself from loading in these situations, your network will not even know it was targeted.
Cerber creators developed this new variation primarily to avoid machine learning. The main method that security vendors use to prevent attacks is to detect malicious files based on features of the loader. With the new loading mechanism, however, these updated Cerber files can’t be analyzed until they are installed and therefore too late to prevent.
The surest method to prevent this new type of ransomware from infecting your computer is to have multiple layers of protection on your network and computers. Ransomware and malware focus on a single point of weakness. So far, they have not yet been successful in creating delivery methods that can get through multiple security layers. A combination of network level security, antivirus protection and education against social engineering will give you the highest success rate in preventing cyberattacks.
Automated Information Technology Company (AITC) specializes in protecting small businesses from cybersecurity threats. Our services can protect you before threats happen, or remove them after the fact. We partner with TrendMicro, a top security software company that has prevented over 100 million ransomware threats.