The latest version of Cerber ransomware, which many call “4.0”, has been updated. It is recognizable by its distinctive README.hta files and the random file extensions it gives files after encrypting them. The update adds several advanced features, such as the ability to forcibly shut down database processes. A new distribution method has also been added: the Rig Exploit Kit.
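An added example (not from the original article or any vendor tool) that uses the two indicators named above for triage: it flags directories holding a README.hta file (Cerber's ransom note) where most of the other files carry unfamiliar extensions. The allowlist, the threshold, the function names and the sample paths are assumptions made for illustration.

```python
import os
from collections import Counter, defaultdict

NOTE_NAME = "readme.hta"   # file name given in the article, compared case-insensitively
# Assumption: extensions considered normal on this host ("" = no extension).
KNOWN_EXTS = {"", ".txt", ".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg",
              ".png", ".mdb", ".sql", ".zip", ".hta"}

def ext(name):
    """Lower-cased extension of a file name, including the leading dot."""
    return os.path.splitext(name)[1].lower()

def triage(paths, min_ratio=0.5):
    """Flag directories that hold a README.hta and where at least min_ratio
    of the remaining files carry an extension outside KNOWN_EXTS."""
    by_dir = defaultdict(list)
    for p in paths:
        d, name = os.path.split(p)
        by_dir[d].append(name)
    findings = {}
    for d, names in by_dir.items():
        others = [n for n in names if n.lower() != NOTE_NAME]
        if len(others) == len(names):      # no README.hta in this directory
            continue
        unknown = sorted(n for n in others if ext(n) not in KNOWN_EXTS)
        if others and len(unknown) / len(others) >= min_ratio:
            findings[d] = {"suspect_files": unknown,
                           "extensions": dict(Counter(map(ext, unknown)))}
    return findings

def list_tree(root):
    """Read-only walk that returns every file path under root."""
    return [os.path.join(dp, f) for dp, _, fs in os.walk(root) for f in fs]

# Constructed sample listing, not taken from a real infection.
SAMPLE = [
    "/data/finance/README.hta",
    "/data/finance/k3Jd9s-Qa1.a9f2",
    "/data/finance/Zp0xLm22Wq.a9f2",
    "/data/finance/notes.txt",
    "/data/web/README.hta",        # an .hta beside ordinary files: not flagged
    "/data/web/index.txt",
    "/data/web/logo.png",
    "/data/photos/cat.jpg",
]

if __name__ == "__main__":
    for d, rep in triage(SAMPLE).items():
        print(d, rep["extensions"], len(rep["suspect_files"]), "suspect files")
```

Calling `triage(list_tree(root))` on a mounted copy of the disk lists the directories and files worth copying aside before any restoration attempt.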
What Updates Does Cerber “4.0” Have
Nicknamed “Cerber 4.0” by bloggers, the new virus has received several important updates, primarily concerning strengthened defenses and an increased scope of encryption.
Closes Database Processes
One of the new features of Cerber “4.0”, and probably the most significant one compared with the previous version, is that the virus can immediately force-close all the processes that are crucial for databases, so that encryption can proceed uninterrupted.
Cerber “4.0” Is Distributed Via Several Different Exploit Kits
Another new feature of the Cerber virus is that it uses the Rig Exploit Kit, as well as several others, to infect users. This exploit kit is believed to be somewhat outdated, but it is still very dangerous and immensely effective. Another exploit kit has also been reported in association with Cerber attacks: the Magnitude kit. The worst news is that infections have been detected that were carried out via the notorious Neutrino exploit kit, which is believed to be discontinued by now. Many believe that the exploit kit may have been updated and hidden from public sale.
A Wider Range Of Files It Encrypts
Cerber “4.0” ransomware now has an extended pre-programmed list of file extensions it can encipher. The virus may now encrypt more types of files, including files that are not only associated with commonly used programs but are also crucial for those programs to run.
New Tor-Based Domains
The range of targeted files and the defensive features are not the only things that have been updated. Cerber can now perform its malicious management activities via new Onion-based hosts, which are difficult to detect.
New Defensive Features
Not only does Cerber “4.0” have an updated Morph, but the virus also possesses the ability to slip past anti-ransomware software, which is quite remarkable for a ransomware threat.
What to Do If I Am Infected by Cerber “4.0”
If you have become a victim of what users call Cerber “4.0”, be advised that there is not much that can be done at this point because, unlike the first Cerber version, this one has not been officially decrypted. The only relevant course of action is first to remove the virus from your computer with an advanced anti-malware program, and then to attempt to restore your files using some of the alternative methods below, at your own risk:
Bear in mind, before attempting the file restoration methods, that they are not 100% guaranteed and may damage the encrypted files. This is why we advise you to back up the files by copying them to a USB flash drive or uploading them to the cloud with cloud backup software, such as SOS Online Backup (Software Review):