Cerber Ransomware

Preparing
Loyal Member
Joined
Sep 18, 2011
Messages
1,104
Reaction score
257
Okay this is a thing right now...
Guys.. fuq, my computer is infected with this virus... stupid of me to turn off my Windows Defender. Actually I was annoyed by the constant popups from Windows Defender, so I turned it off. I was surfing the net and wanted to open a few images I downloaded earlier... but to my surprise it showed "invalid image". I tried other images too, even movies and other applications. Everything is infected on my computer.

Here are a few sites to read about this virus. This thing is ransomware... they encrypt all the files on your computer and demand a price to get the key to decrypt them.

Read more about this thing here. And be really cautious about this virus. And if you are on Windows... do not turn off Windows Defender even if it annoys you.

1)
2)



They have a text file where they have provided the instructions on what to do..

And I was reading and I found this.
Cerber Ransomware Project is not malicious and is not intended to harm a
person and his/her information data.

The project is created for the sole purpose of instruction regarding
information security, as well as certification of antivirus software for
their suitability for data protection.

Together we make the Internet a better and safer place.



Although my files were not super important, and losing them isn't that big of a deal. I will not be paying them, sure as heck.
But I just wanted to inform you guys. Stay cautious. And keep Windows Defender on. Always, no matter the popups.
 
Junior Spellweaver
Joined
Mar 22, 2016
Messages
192
Reaction score
32
Kind of a necro-post, but I feel I have relevant information to add to this

Windows Defender likely would not have protected you from this to begin with unless it's older Ransomware. WD has about a 70% detection rate, so while it's not great, it's better than nothing. However there's nothing more dangerous than a false sense of security. I digress.

Crypto ransomware can be defeated by following some of the IT best practices for the corporate world. What I mean by this is, bottom line, software like this can only modify the files that the infected account has rights to. So take your rights away.

Principle of Least Privilege - Anyone who is familiar with the Unix or Linux operating environments knows this mantra by heart: NEVER USE ROOT FOR EVERYDAY USE. Logging on as root to do your everyday computing is the worst idea where security is concerned. Microsoft, however, encourages this, as user accounts are created as administrators by default. If you're logged in as an admin, any virus or malware that's infected you has the same rights you do. When setting Windows up for the first time, it's important to create an admin account, sure. With the admin account, create the account you're going to use for everyday stuff. Log out of admin, log into the normal user account and never log back in as admin again. If Windows needs admin rights to do something, you will be prompted for the password of your admin account. If you start getting prompted for credentials for no reason, something is going on that you need to investigate.

Keep essential files away from your main system - If you want to go the extra paranoid route, you can always keep an older, unused system on your network with all of your drives on it. On the older system, create an account with the exact same username/password as your admin account, and use SMB to access those drives across the network. The first time you hit those drives, it will force you to authenticate. Give your admin account read-only access from the other system. This will keep cryptoware from being able to affect those files.

All of this sounds super convoluted, however in IT security, there is no such thing as a perfect balance between convenience and security.
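The two steps described in the post above (a non-admin account for daily use, and the important files on a second machine exposed only as a read-only SMB share) written out as an added PowerShell example. This is not code from the thread or from any of its posters, and the account names `admin-jdoe` / `jdoe`, the host name `FILESERVER` and the path `D:\Archive` are placeholders. It varies the post's layout slightly: the daily account gets read-only access to the share while a separate admin account keeps write access, so you can still copy new files onto the archive without ever touching it from the daily login. Run it from an elevated PowerShell on Windows 10 / Server 2016 or later, which ship the LocalAccounts and SmbShare modules; Part 1 belongs on the everyday PC, Part 2 on the box that holds the drives.

```powershell
# Added example, not from the thread. Placeholders: admin-jdoe, jdoe, FILESERVER, D:\Archive.
# Run elevated. Part 1 applies to the daily-use PC, Part 2 to the machine that hosts the files.

# ---- Part 1: separate admin and daily-use accounts (least privilege) ----
$adminPw = Read-Host -AsSecureString 'Password for admin-jdoe'
$userPw  = Read-Host -AsSecureString 'Password for jdoe'

New-LocalUser -Name 'admin-jdoe' -Password $adminPw -PasswordNeverExpires
Add-LocalGroupMember -Group 'Administrators' -Member 'admin-jdoe'

New-LocalUser -Name 'jdoe' -Password $userPw -PasswordNeverExpires
# New-LocalUser does not put the account in any group; make it a standard user.
Add-LocalGroupMember -Group 'Users' -Member 'jdoe'

# If the account you log in with today is an administrator, demote it.
# Anything it runs (ransomware included) then only has user rights, and UAC
# asks for admin-jdoe's password whenever something really needs elevation.
$me = $env:USERNAME
if (Get-LocalGroupMember -Group 'Administrators' | Where-Object { $_.Name -like "*\$me" }) {
    Remove-LocalGroupMember -Group 'Administrators' -Member $me
}

# Check: only the dedicated admin account (and the built-in Administrator) should remain.
Get-LocalGroupMember -Group 'Administrators' | Select-Object Name, PrincipalSource

# ---- Part 2: read-only SMB share on the second machine ----
# Share permissions and NTFS permissions are both evaluated and the most
# restrictive wins, so set both to read-only for the daily account.
$path = 'D:\Archive'
New-Item -ItemType Directory -Path $path -Force | Out-Null

# NTFS: drop inherited ACEs, grant read+execute to jdoe and full control to local admins.
icacls $path /inheritance:r `
    /grant:r 'jdoe:(OI)(CI)RX' `
    /grant:r 'Administrators:(OI)(CI)F' | Out-Null

# Share level: jdoe may read, admin-jdoe may write (used only when adding files).
New-SmbShare -Name 'Archive' -Path $path `
    -ReadAccess 'FILESERVER\jdoe' `
    -FullAccess 'FILESERVER\admin-jdoe'

# Check the resulting share ACL.
Get-SmbShareAccess -Name 'Archive'

# From the daily PC, logged in as jdoe, the mapped drive is then read-only:
#   net use Z: \\FILESERVER\Archive
#   echo probe > Z:\probe.txt      -> "Access is denied."
# A process running as jdoe, malicious or not, cannot overwrite what is on Z:.
```

The same-username trick from the post works because SMB tries the current Windows credentials first; with a mirror account on the file server the share mounts without a prompt, and the server-side ACL, not the client, decides that the result is read-only. Remember that a share is not a backup: a drive that stays mapped and writable would be encrypted along with everything else, which is exactly why the write-capable account is kept off the daily login.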
 
Joined
Oct 31, 2005
Messages
3,112
Reaction score
1,539
Here's a perfect balance for you. Use your common sense when downloading stuff from the internet. Ransomware usually comes with cracked software, or otherwise illegally obtained software. Of course there is always the possibility that an official site is hacked and instead of the proper software you are provided with the infected one, but that's like 0.001% out of 100%.

So overall no antivirus will save you from ransomware/trojans/malware, since most of them ask you to disable your antivirus anyway when installing your favorite cracked software. There is also the possibility of the cracked OS itself having it, triggering it later in time.
 
Junior Spellweaver
Joined
Mar 22, 2016
Messages
192
Reaction score
32
Mucski said:
"Use your common sense when downloading stuff from the internet. "


This. So much this. Basically treat everything you download from the internet as infected and don't trust it. Nothing is ever free, even software. Malware is the price you pay.
 
Newbie Spellweaver
Joined
Sep 27, 2016
Messages
6
Reaction score
1
Any type of ransomware can be blocked using a firewall. Most people don't even use one nowadays. Windows Firewall Control would have told you the file requested internet access. If you clicked deny it wouldn't be able to contact the command and control server to send a symmetric key or receive a public key.

And no your router firewall is not enough, it only blocks inbound traffic, NOT OUTBOUND. (unless manually setup.)
 
Junior Spellweaver
Joined
Mar 22, 2016
Messages
192
Reaction score
32
Windows Firewall does not block application outbound requests unless you go into local policy and set it to do so. OOB Windows Firewall permits outbound access.

Source:

Download leaktest.exe and try it. An almost decade old application can STILL get around windows firewall.



This is a capture from my windows 10 machine. OOBE windows firewall settings.

"Outbound connections that do not match a rule are allowed"
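The default the screenshot quotes ("Outbound connections that do not match a rule are allowed") can be checked and flipped from PowerShell; the block below is an added example, not code from the thread, and the program paths in it are placeholders for whatever you actually use on the machine. Run it elevated on Windows 8/10/11 or Server 2012 and later (NetSecurity module). Two caveats a practitioner would add to the two posts above: per-program rules are coarse, so once `svchost.exe` or `powershell.exe` is allow-listed anything that runs inside those hosts rides along; and ransomware that carries its public key embedded in the binary encrypts without any callback, so outbound filtering denies it the key exchange and exfiltration, not necessarily the encryption.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell.
# Program paths are placeholders; allow-list what *you* actually use.

# 1. Confirm the out-of-box state the post describes. On a machine with no GPO,
#    DefaultOutboundAction reads NotConfigured, which behaves as Allow.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# 2. Allow-list the programs that legitimately need the network BEFORE flipping
#    the default, or browsing, name resolution and Windows Update stop working.
$allow = @{
    'Allow Firefox outbound'                              = 'C:\Program Files\Mozilla Firefox\firefox.exe'
    'Allow svchost outbound (DNS client, Windows Update)' = '%SystemRoot%\System32\svchost.exe'
}
foreach ($name in $allow.Keys) {
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Outbound -Action Allow `
            -Program $allow[$name] -Profile Any | Out-Null
    }
}

# 3. Make "does not match a rule" mean Block on every profile, and log the drops.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -DefaultOutboundAction Block `
    -LogBlocked True `
    -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# 4. Verify: every profile should now show Block.
Get-NetFirewallProfile | Select-Object Name, DefaultOutboundAction

# 5. Watch what gets dropped. pfirewall.log is space separated:
#    date time action protocol src-ip dst-ip src-port dst-port ... path
#    An unlisted binary phoning home (the leaktest.exe case) shows up as DROP ... SEND.
Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log" -Tail 50 |
    Where-Object { $_ -match '^\S+ \S+ DROP ' -and $_ -match ' SEND$' }

# Rollback if something you forgot to allow-list breaks:
#   Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction NotConfigured
```

Expect a few days of adding rules as dropped SEND lines reveal programs you forgot; the log is the fastest way to find them without a third-party prompting tool.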

 