Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Cerber “4.0” Ransomware Now Kills Database Processes

cerber-4-0-new-wallpaper-sensorstechforumAn update has been made to the latest version of Cerber Ransomware which many seem to call “4.0” using the distinctive README.hta type of files and random file extensions after it encrypts a file. The new update of the virus features several advanced features like the ability to directly shut down in a force mode database processes. Not only this, but a new feature regarding the virus’s distribution has also been added – the Rig Exploit Kit.

What Updates Does Cerber “4.0” Have

Known by the nickname “Cerber 4.0” ransomware given to it by bloggers, the new virus has got several important updates primarily concerning strengthened defense and increased the scope of encryption.

Closes Database Processes

One of the new features of Cerber “4.0” and probably the most significant one in comparison to the previous version is that the virus can immediately force close all the processes that are crucial for databases to encrypt the uninterruptedly.

Has New JavaScript Loader

Another feature of this Cerber ransomware virus is the fact that it can infect more users while undetected because it uses an advanced JavaScript type of Loader. This type of .js file can infect via simply being redirected to a malicious link, but it may also be presented as a file that appears to be a legitimate e-mail attached document.

Cerber “4.0” Is Distributed Via Several Different Exploit Kits

Another new feature of the Cerber virus is that it uses the Rig Exploit Kit as well as several others to successfully infect users. This type of exploit kit is believed to be a bit outdated, but still very dangerous and immensely effective. Not only this but another exploit kit is also reported in associations with Cerber attacks – the Magnitude kit. The worst news is that there have been infections that were detected to be performed via the notorious Neutrino exploit kit which is believed to be discontinued by now. Many believe that the exploit kit may have been updated and hidden for sale from the public.

A Wider Range Of Files It Encrypts

Cerber “4.0” Ransomware now has an extended pre-programmed list of file extensions it can encipher. The virus now may encrypt more types of files that are not only associated with different programs that are often used but that are crucial to the successful running of those programs.

New Tor-Based Domains

Not only the range of files of the Cerber virus and it’s defensive features are updated. Now it can perform it’s malicious management activities via new Onion-based hosts which are difficult to detect.

New Defensive Features

Not only does Cerber “4.0” have an updated Morph, but the virus also possesses the ability to slip past anti-ransomware software which is something quite remarkable for a ransomware threat.

What to Do If I Am Infected by Cerber “4.0”

In case you have become a victim of what users call Cerber “4.0”, be advised that there is not much that can be done at this point, because unlike the first Cerber version, this one has not been officially decrypted. The only relevant action for you is firstly to remove the virus from your computer with an advanced anti-malware program and after this attempt to restore your files using some of the alternative methods below at your risk:

Alternative Methods to restore files encrypted by Cerber "4.0"

Bear in mind that before attempting to use the methods for file restoration, it is strongly advisable to take into consideration that these methods are not 100% guaranteed and may damage the encrypted files. This is why we advise you back up the files via copying them on a USB flash drive or exporting them onto the cloud with Cloud Backup software, such as SOS Online Backup(Software Review):

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.