Cerber ransomware has acquired the reputation of being one of the most rapidly evolving ransomware families to date. Just in May, we pointed out how it had gone through six separate versions with various differences in its routines. Several months later, it seems to have evolved again, this time adding cryptocurrency theft to its routines. This is on top of its normal ransomware routines, giving the attackers two ways to profit off of one infection.
Some details of Cerber haven’t changed, though. In most respects, this Cerber variant is identical to the versions we spotted in May, but with a new nuance to its behavior: it now targets Bitcoin wallets for theft as well. Two things are worth noting. First, theft of these files does not assure that the stored Bitcoins can be stolen: the thief would still need to get the password that protects the wallet in question. Second, this isn’t the only information stolen by this new Cerber variant. It also tries to steal the saved passwords from Internet Explorer, Google Chrome, and Mozilla Firefox.
This new feature shows that attackers are trying out new ways to monetize ransomware. Stealing the Bitcoins of targeted users would represent a valuable source of potential income. Cerber’s entry vector onto systems didn’t change, so known best practices against it would still work. Our machine learning capabilities are tuned to account for attacks using techniques employed by ransomware like Cerber.