Security researchers have detected a new member of the notorious Cerber ransomware family – Cerber3. Cerber is currently one of the most dangerous threats in all its versions and, for the moment, experts have managed to crack its first version, while Cerber2 remains at large.
Rumors of Cerber3's existence have been circulating on the web for a while now, despite the fact that v2 is still active and effectively attacking users. The malware researcher PhysicalDrive0 tweeted the virus’s file names.
At this point, no reports of infections have been received, but there is still a chance that the youngest Cerber member is active. It is known, however, that it appends the “.cerber3” extension to the end of encrypted files and that its ransom note is named “# HELP DECRYPT #.txt”. As for how it reaches its targets, researchers assume that, like older versions, it relies on spam email messages with malicious attachments.
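A filesystem sweep for the two indicators named above, as an added example that is not from the original article or the researchers it cites. The function names, the case-insensitive matching and the sample tree are assumptions; the sample files are constructed empty placeholders.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".cerber3"            # extension named in the article
RANSOM_NOTE = "# HELP DECRYPT #.txt"  # ransom note file name named in the article


def scan_tree(root):
    """Return {directory: {"encrypted": [names], "note": bool}} for directories with hits."""
    hits = defaultdict(lambda: {"encrypted": [], "note": False})
    # Unreadable directories are skipped instead of aborting the sweep.
    for dirpath, _dirs, filenames in os.walk(root, onerror=lambda err: None):
        for name in filenames:
            lowered = name.lower()  # assumption: match case-insensitively
            if lowered.endswith(ENCRYPTED_EXT):
                hits[dirpath]["encrypted"].append(name)
            elif lowered == RANSOM_NOTE.lower():
                hits[dirpath]["note"] = True
    return dict(hits)


def triage(hits):
    """Order directories so that note plus renamed files (strongest signal) comes first."""
    def score(entry):
        both = entry["note"] and bool(entry["encrypted"])
        return (both, len(entry["encrypted"]), entry["note"])
    return sorted(hits, key=lambda d: score(hits[d]), reverse=True)


def build_sample_tree(root):
    """Constructed sample data: empty files with made-up names."""
    layout = {
        "docs": ["a1b2c3.cerber3", "d4e5f6.CERBER3", RANSOM_NOTE],
        "photos": ["holiday.jpg", "x9y8z7.cerber3"],
        "clean": ["report.docx", "notes.txt"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found = scan_tree(tmp)
        for directory in triage(found):
            entry = found[directory]
            print(directory, len(entry["encrypted"]), "renamed files, note:", entry["note"])
```

A directory that holds both renamed files and the note is the one to isolate and image first; a lone file with the extension is a weaker signal worth a manual look.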
Another malware researcher, Jakub Kroustek, also confirmed the presence of Cerber3 when he tweeted:
For now, there isn’t enough reliable information, but it seems like Cerber3 is about to start attacking users any time now. This particular ransomware family is a real moneymaker, generating huge profits for its operators. Active in 201 different countries, Cerber earns its owners up to million dollars. If this isn’t bad enough, with Cerber3 on the way, these profits are expected to jump quickly.
All crooks want to improve and upgrade their products on a regular basis, so that anti-malware and anti-virus programs have a hard time flagging them. Cerber's devs have both the time and the means to make any kind of adjustments they want to perfect their ransomware. Now that there is a new Cerber family member, it is possible that Cerber2's activity will slow down.
Fully deserving the name of Cerber, the three-headed hound that guards hell's gates, the ransomware does a similar thing: it keeps the locked data from leaving the PC until the ransom is paid.
As mentioned, the crooks make a killing out of those viruses, and it’s likely that they’ll make more money with the new variant of the virus.
All users are strongly advised to be on the alert, as new viruses are unfamiliar to cybersecurity tools like anti-virus and are much more difficult to flag as a threat. A double-check is a must when users receive shady-looking emails, programs, links, ads, etc. Given that a decryptor for Cerber's second version is still not available, we will have to wait and see if Cerber3 will be as difficult to defeat.