Cerber Ransomware Corporate Attacks Explained by Microsoft - How to, Technology and PC Security Forum | SensorsTechForum.com

Cerber Ransomware Corporate Attacks Explained by Microsoft

Cerber ransomware has been infecting more corporate computers than home machines, a Microsoft report reveals. 2114 infections were uncovered between December and January, all on corporate endpoints running Windows 10 Enterprise. This Windows edition is supposed to be very effective against ransomware thanks to its built-in Advanced Threat Protection exploit mitigations.

Microsoft has been fighting Cerber since July 2016, or perhaps even earlier. This is when Cerber’s authors modified the ransomware and made it target Office 365 in macro-based attacks. Microsoft also says that its ATP recognizes Cerber payloads and prevents them from executing.


Microsoft wrote:

Our research into prevalent ransomware families reveals that delivery campaigns can typically stretch for days or even weeks, all the while employing similar files and techniques. As long as enterprises can quickly investigate the first cases of infection or ‘patient zero’, they can often effectively stop ransomware epidemics. With Windows Defender Advanced Threat Protection (Windows Defender ATP), enterprises can quickly identify and investigate these initial cases, and then use captured artifact information to proactively protect the broader network.

ATP will be upgraded in the upcoming Creators Update to make it possible to isolate infected machines from the network. Execution prevention and quarantine capabilities will also be added. These changes are in line with the latest mitigation efforts Microsoft has implemented in Windows 10; the features were previously provided by the soon-to-be-retired Enhanced Mitigation Experience Toolkit (EMET).

Cerber’s campaigns were delivered in two major ways: via emails carrying malicious attachments and via the RIG exploit kit.


One of the latest versions of RIG was reported to cause infections through Microsoft software last August. One of the exploits it used was reported by Eduard Kovacs at SecurityWeek.com to target CVE-2016-0189. This vulnerability allowed remote code execution by way of malicious JavaScript and VBScript.

Have a look at the detailed Microsoft explanation of a corporate Cerber attack.


Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.
