HELP_HELP_HELP Used by Cerber Ransomware’s Latest 2017 Update

The red variant of Cerber ransomware remains a persistent and savage beast in the malware world. The virus has not seen many improvements since the red version came out, only a few modifications to its code. These changes, incremental at first glance, were actually focused on interacting with database processes and shutting them down in order to encrypt databases without interruption.

Why So Many Versions?

Since malware authors often come up with improvements and have the old habit of renaming a version as a newer one after each improvement, there have so far been many Cerber iterations. However, the changes were not massive: for example, partial changes in the code of the virus, changes in the ransom note, or the addition of an audio message. Because there were so many of them, the authors of Cerber ransomware may have stopped adding version numbers, like the previously detected 4.1.1, 4.1.2, etc. iterations, for exactly that reason.

What is New In HELP_HELP_HELP Cerber?

As it stands, this version has almost nothing different from the previous Red Cerber variants, primarily because the virus simply works: since the 1st version, which is now decryptable, no other version of this virus can be decrypted.

The differences, however, are in how the virus actually infects. While Cerber has preserved the good old e-mail spamming methods, the virus uses many different exploit kits and distribution malware types, like Trojans, malicious scripts and even worm-like malware, to maximize the infection rate.

Cerber still uses the same PseudoDarkLeech RIG-V exploit kit, and what is interesting about it is that similar UDP traffic has been noticed with another ransomware virus, which many refer to as Sage Ransomware.

What is more, zerophagemalware reports that Cerber still has a low detection rate, dropping a randomly named .exe payload.


The bottom line is that Cerber ransomware may seem different, but every new version has either some small improvement in it or changes in how the virus infects. This latest version has many changes when it comes to database encryption and shutting down Windows processes that may interfere with the encryption process. Whatever the case may be, most Cerber infections are spread via e-mail, so our advice to users is to read our related article below and learn how to protect themselves from such e-mails.

Ventsislav Krastev

Ventsislav has been a cybersecurity expert at SensorsTechForum since 2015. He has been researching, covering and helping victims with the latest malware infections, as well as testing and reviewing software and the newest tech developments. Having graduated in Marketing as well, Ventsislav also has a passion for learning about new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management, Network Administration and Computer Administration of System Applications, he found his true calling within the cybersecurity industry and is a strong believer in the education of every user towards online safety and security.