The landscape of malware is vast, and hackers are relentless in their latest efforts to launch their arsenal of threats aimed at vulnerable computer users. One of the most recent threats to be aimed at computer users is the Cerber Ransomware, one that has recently evolved since its conception just weeks ago to announce audibly a creepy voice notification on infected computers.
Cerber Ransomware, much like many other encryption type ransomware, is known to encrypt files on an infected computer and hold those files for a substantial ransom fee that claims will lead to release of a decryption key to restoring the encrypted files. While the initial functions of Cerber Ransomware were already serious enough, the latest update of the threat has it speaking out loud in a creepy audible voice saying, "Attention! Attention! Attention!, Your documents, photos, databases, and other files have been encrypted!"
There have been many other accounts of malware threats having the ability to speak or make other audible tones as an additional alert to the computer users potentially attempting to relay the severity of the infection. Cerber Ransomware is the first ransomware that also encrypts files to utilize an audible notification that is believed to further coax computer users into paying the ransom fee.
Ransomware like Cerber is disastrous for most computer users as it is known to encrypt several files making the infected computer virtually useless for performing various functions or surfing the Internet. What makes threats like Cerber Ransomware so devastating is not only the idea of it speaking out loud over your computer's speakers of your files being encrypted, but the potential loss of all of your files. In over half of Cerber Ransomware-infected systems, the computer user is left without any reprise in restoring their system unless they have a full backup copy of their hard drive stored on another storage device. This is a commonality among ransomware like Cerber and similar threats, such as CryptoLocker, CryptoWall, TeslaCrypt and many others.
As we dig deeper into the spreading methods of Cerber Ransomware, we have found where it is bundled as a Ransowmare-as-a-Service threat, which means the threat can be easily customized to modify the ransom message and list of targeted file extensions. Moreover, Cerber Ransomware has reportedly been available for sale through underground Russian hacker forums, or what some call the Dark Web. Such an avenue of spreading and marketing Cerber Ransomware allows would-be hackers to utilize the threat and customize it in a way to specifically target certain areas or computers.
The functionality of Cerber Ransomware goes much further than its ability to speak a creepy voice through an infected computer's speakers. In fact, Cerber Ransomware can check a targeted computer's location and decide if it should initiate its malicious functions.
Advancements of Cerber Ransomware are clear after we discovered that now utilizes the nearly-undefeatable AES-256 encryption algorithm. Fundamentally, there is no way of decrypting the files that Cerber Ransomware takes hold of and encrypts. Computer users are left with the only option of restoring their system from a backup copy of their hard drive or paying the ransom free to obtain a decryption key, which is a booming business for the majority of users faced with threats like Cerber Ransomware.
Cerber is nearly considered to be a new breed of ransomware threats in that it will first encrypt files and then make its audible announcement of the files being encrypted. Additionally, Cerber Ransomware will redirect users to a page to install the TOR browser to pay the fee, which is about $500 at the time of our investigation.
As the sophistication of malware threats like Cerber Ransomware evolves, we expect to see a propagation of threats that do all sorts of strange things, including audibly speaking out its malicious intentions to further scare computer users into submission so they may fund the next payday of ruthless hackers.