Safeguard Consulting Group

Cerber overthrows Locky as top ransomware menace

In March, Cerber, one of the most successful ransomware variants, was seen in the wild with a new loader capable of evading detection by machine-learning tools. Now it appears Cerber has overthrown 2016's menace: Locky.

Specifically, Cerber accounts for 90 percent of all ransomware infections, a recent Malwarebytes report found. An influx of new Cerber versions released in 2017 has made it the most popular, and most successful, variant on the market.

In addition, Cerber has adopted the Ransomware-as-a-Service model, meaning its distribution is rapidly expanding through multiple dark web actors and groups rather than a single operator.

"Its spread is largely because the creators have not only developed a superior ransomware with military-grade encryption, offline encrypting and a slew of new features, but by also making it very easy for non-technical criminals to get their hands on a customized version of the ransomware," the report authors wrote.

Ransomware found its sweet spot in healthcare last year, with hackers using Locky to target the industry with massive phishing campaigns in August. Although multitudes of ransomware variants are available, Locky was the most popular in 2016 for its success rate and sophistication. Files it encrypts also cannot be decrypted without the attacker's keys.

After a massive surge in Locky attacks in November, however, the ransomware quickly faded, the report found. Healthcare security professionals should nonetheless be aware that ransomware has continued to proliferate in 2017 and ranks as the most heavily used type of malware among hackers.

Further, organizations can expect an increase in the development of malware that targets both Mac and Windows systems, along with evolved delivery, social engineering and spam methods, the report found.

“Targeted malspam has primarily been a Windows problem to date,” the authors wrote. “But the reemergence of Microsoft Office macro malware capable of affecting Macs may change this. Many of these malicious documents include code capable of detecting whether it is running on a Windows or Mac system and taking action appropriate to the system to infect it.”