When DDoS Attacks and Ransomware Combine, the Results are Ugly

Ransomware, the malware variant that has appeared more and more frequently has struck again, this time targeting users of Microsoft Outlook in a zero-day attack. A malware variant of Cerber (a ransomware) was recently utilized in a large scale attack on users of the messaging program, sent via phishing emails to corporate users.

What’s worse, this variant of Cerber is more than just your typical ransomware, as it also possesses DDoS capabilities.

DDoS, or Distributed Denial of Service, programs utilize the previously infected systems in their attacks on new victims as part of a botnet, causing the target system to cave under a deluge of useless traffic. Therefore, as an unfortunate recipient of this malware tries to resolve the problem, their system has already been assimilated into a cyber horde that’s attacking other systems.

Cerber demands a ransom of 1.24 Bitcoins to unlock the currently uncrackable ransomware, which converts (as of this writing) to approximately $718 US dollars.

The attack typically goes down as such: An intended victim receives an email with the ransomware. If activated, Cerber adds three files onto the desktop of the victim’s computer, each containing the same message. One is TXT format, one is HTML, and one is a Visual Basic Script that converts into an audio message. Their message reads: Attention! Attention! Attention! Your documents, photos, databases and other important files have been encrypted! The most annoying part is that every startup will trigger this message.

The other two files also contain instructions to navigate to the Tor payment site in order to pay the ransom, with the phrase “What doesn’t kill me makes me stronger,” transcribed in Latin at the bottom. As a brief reminder, we never recommend paying a malware ransom, as there is no guarantee that they will comply and release your files, and your funding will only contribute to further attacks.

As there is currently no known fix for Cerber, it is critical that businesses (the clear target of the ransomware) avoid falling victim to it, or any phishing-based attack for that matter. To do so, decision makers in companies should implement and enforce the following policies in their day-to-day practices.

    n

  1. Users should be informed of email security best practices, including not running or opening attachments from unknown sources or suspect emails in general.
  2. In case of possible infection, all files should be kept on an isolated backup to prevent data loss. An infected backup is no good, and so it should remain separate from the network to avoid such a circumstance.
  3. Be sure to keep all systems thoroughly updated with the latest versions of all your protections, as malware designers are in a constant race with their programs to outpace those who design protective programs.

To find out more about threats like this affecting your business, subscribe to Think Tank NTG’s blog.

Leave a Comment