Almost 50 percent of the infections have been detected in the USA
Cerber ransomware is a malware threat that has been infecting users all around the world since it first emerged in February of this year. However, researchers have recently observed some more targeted campaigns directed mainly at users in the United States, Turkey, and the United Kingdom.
Activity among ransomware-like threats has been growing steadily, with many malicious scripts emerging in the first half of the year. Only a few, however, have managed to grow into worldwide threats, and the Cerber ransomware is one of the leaders in that respect.
This notorious malware has received several updates since it was first detected and is currently causing serious concern among users in numerous countries. Cerber is mostly distributed through phishing emails with malicious attachments. Therefore, security experts advise users to avoid opening emails from unknown sources in order to prevent infections. The latest analyses of the threat, however, have shown that Cerber might be packed with new capabilities and could be distributed even through DDoS attacks.
Almost 50 percent of the infections have been detected in the United States, which is indeed the target of choice for the hackers. Also in the top three are Turkey with 15% and the United Kingdom with 9% of all infections. However, countries like Taiwan, Malaysia, Japan, Brazil, Australia, Canada, Portugal, Spain, and Germany have also been affected by Cerber. The ransomware's main distribution has come as a result of two highly active waves, one in April and one in May, which were very lucrative for the cybercriminals. According to security researchers, these two are not the only campaigns we will see, and we should expect more activity spikes in the coming months.
Cerber is an extremely notorious threat that launches its attacks through very sophisticated methods. The ransomware applies AES-256 and RSA encryption and also destroys system backups, ensuring that victims cannot recover the encrypted files. After the files on the compromised system have been encrypted, a ransom note is displayed. In addition, the malware ensures its persistence by launching a “watchdog”, which prevents any attempts at uninstalling the infection.
To avoid close encounters with malicious crypto viruses of this type, users are advised to stay informed about new threats and their distribution campaigns, as well as to protect their systems with reputable antivirus and antimalware software. Staying away from suspicious content is always a wise prevention method as well.