U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Experts observed several malvertising campaigns deliver Cerber 4.0

Cerber 4.0 is the latest variant of the Cerber ransomware family that is becoming even more common in the malvertising campaign in the wild. Another variant of the notorious Cerber ransomware, the Cerber 4.0, appeared in the wild delivered by several exploit kits, including RIG, Neutrino, and Magnitude EKs. According to the experts from Trend Micro, the Cerber 4.0 first appeared in October […]

Experts observed several malvertising campaigns deliver Cerber 4.0

Cerber 4.0 is the latest variant of the Cerber ransomware family that is becoming even more common in the malvertising campaign in the wild.

Another variant of the notorious Cerber ransomware, the Cerber 4.0, appeared in the wild delivered by several exploit kits, including RIGNeutrino, and Magnitude EKs.

According to the experts from Trend Micro, the Cerber 4.0 first appeared in October and became very popular in the criminal ecosystem where it is still used to power several malvertising campaigns.

The Cerber ransomware has rapidly evolved since its first apparition, it is considered one of the greatest success of the Ransomware-as-a-service (RaaS).

The Cerber 4.0 was released in the wild a few weeks after the version 3.0, it encrypts files and appends a randomly generated file extension (while the previously used extensions were .cerber3, .cerber2, .cerber).

The newest variant has shifted from an HTML ransom note to an HTA one.

The experts noticed that recently Cerber 4.0 is mainly dropped by the RIG toolkit, which is also the most active Exploit kit in this period.

The RIG toolkit was observed for example in the PseudoDarkleech malvertising campaign that was previously seen distributing ransomware such as CrypMIC and CryptXXX.

“As we reported previously, Cerber has become one of the most prominent ransomware families of 2016. It has a wide range of capabilities and is often bought and sold as a service (ransomware-as-a-service or RaaS)—even earlier versions were peddled as RaaS in underground markets. The rapid release of Cerber updates have made it an increasingly popular payload for several exploit kits. ” reported TrendMicro.

The experts also noticed another malvertising campaign dropping the Cerber 4.0 via the Magnitude exploit kit. The campaign has been seen targeting devices in numerous Asian countries, including Taiwan, Korea, Hong Kong, Singapore, and China.

The experts noticed many  other campaigns leveraging on the Cerber 4.0 including one that usually employs a casino-themed fake advertisement.

cerber-4-0

Another campaign started on October 3 is leveraging the Neutrino exploit kit to target users in the US, Germany, Spain, Taiwan, and Korea.

Malvertising and exploit kits in general are being developed and improved constantly by cybercriminals, so keeping software updated with the latest security patches is critical for users and enterprises. This includes both the operating system and all applications being used. Make sure there is a security system in place that can proactively provide a comprehensive defense against attackers targeting new vulnerabilities,” Trend Micro researchers note.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Cerber 4.0, ransomware)