According to research released in June, malware creators are using several methods to avoid detection, while the team behind the Cerber ransomware is using a “server-side malware factory.”
Called the hash factory, the ransomware’s server changes the Cerber payload frequently so that each build has a unique, different hash. The research reported that a new hash is created every 15 seconds.
This makes the ransomware's attacks much more difficult to detect, since most signature-based solutions rely heavily on hash identification of known malware to find it.
According to security experts, Cerber ranks third after CryptoWall and Locky among the largest ransomware threats today. This does not bode well for the public’s computer security, as Cerber has only been visible since March of this year.
CryptoWall leads all ransomware types at 41%, with Locky at 34% and Cerber following at 24%, based on numbers security experts published online. Researchers also found that almost half of all Cerber attacks were in the U.S., with Taiwan, Japan, Australia, Brazil, Canada, Portugal, Spain, Malaysia, and Germany among the others affected.
The researchers found that the ransomware uses a weaponised document to infect machines. The document includes PowerShell, which can install the Cerber ransomware through a file-less method.
Researchers, however, could not determine whether the ransomware was programmed locally or generated in a remote locale and uploaded by code. A part of Cerber was also found to match a ransomware sample from September last year. The researchers also linked Cerber to the Dridex botnet, but not in a way that used a server-side malware factory.