We have already seen malware that speaks (literally). Fake tech support scam pages often implement voice-over messages. And it is easy to assume why. You would definitely feel panicked if your computer started repeating that all your personal information was in danger, wouldn’t you?
Well, it’s not your computer talking but cyber criminals who have invented another way to scare users.
In this line of thinking, it was just a matter of time before ransomware learnt to speak. Yes, security researchers at Trend Micro have come across a new type of ransomware that plays a voice-over message in a computer-generated voice:
“Attention! Your documents, photos, databases and other important files have been encrypted!”
This ransomware is dubbed Cerber, or RANSOM_CERBER.A.
What Should You Know about the Cerber Ransomware?
Actually, this is not the first speaking ransomware. In 2012, security experts disclosed Reveton, a police ransomware, that could also speak in the victim’s mother tongue.
Learn More about Reveton Ransomware
So, what’s really new with the Cerber threat? According to researchers, there’s no other ransomware that pushes users verbally into taking an action.
Researchers believe that Cerber’s audio message is only played in English. Nonetheless, once the victim clicks on the link via Tor browser, they will be redirected to a page prompting them to select a specific language. The landing page may appear to offer several languages but at the time of the research, only English worked properly.
The ransom demanded by the cyber criminals behind Cerber is 1.24 Bitcoins, or approximately $520. If not paid within the deadline, the ransom is set to jump to 2.48 Bitcoins in a week.
The Cerber Ransomware Is an Example of the Ransomware-as-a-Service Model
Another interesting discovery is that Cerber has a configuration file in a specific file format – .json. This format is usually deployed to transmit and store data defined in attribute-value pairs. Basically, Cerber can be customized easily, thus enabling the cybercriminal to modify the following:
- The ransom message;
- The list of targeted extensions.
Also, the ransomware can be adjusted to blacklist countries. All these features prove that Cerber was created to be sold on the malware market and is yet another example of the ransomware-as-a-service model.
Currently, Cerber seems to be offered in the Russian underground market.
As for its distribution methods, Cerber is spread via the Nuclear exploit kit in aggressive malvertising campaigns.
Learn More about Nuclear EK
And remember that various ransomware threats are currently circling around the Web. To avoid becoming a victim of ransomware, keep those tips in mind at all times:
- Update your software;
- Update your browser;
- Update your anti-virus program;
- Use an external firewall;
- Employ anti-spam protection.
For more technical information, visit our Cerber removal article.
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter