Cerber Ransomware

  1. #1
    Riizq

    Cerber Ransomware

    Okay this is a thing right now...
    Guys.. fuq my computer is infected with this virus... stupid of me to turn off my Windows Defender. Actually I was annoyed by the constant popups from Windows Defender. So I turned it off. Was surfing on the net and wanted to open a few images I downloaded earlier... but to my surprise it showed invalid image. I tried other images too even movies and other applications. Everything is infected in my computer.

    Here are a few sites to read about this virus. This thing is a ransomware... they encrypt all your files on your computer and demand a price to get the key to decrypt them.

    Read more about this thing here. And be really cautious about this virus. And if you are on Windows... do not turn off Windows Defender even if it annoys you

    1) The Cerber Ransomware not only Encrypts Your Data But Also Speaks to You
    2) https://blog.malwarebytes.org/threat...ew-but-mature/

    - - - Updated - - -

    They have a text file where they have provided the instructions on what to do..

    And I was reading and I found this.
    Cerber Ransomware Project is not malicious and is not intended to harm a
    person and his/her information data.

    The project is created for the sole purpose of instruction regarding
    information security, as well as certification of antivirus software for
    their suitability for data protection.

    Together we make the Internet a better and safer place.
    - - - Updated - - -

    Although my files were not super important. And losing them isn't that big of a deal. I will not be paying them, sure as heck.
    But I just wanted to inform you guys. Stay cautious. And keep Windows Defender on. Always, no matter the popups.


  2. #2
    Pagefault404

    Re: Cerber Ransomware

    Kind of a necro-post, but I feel I have relevant information to add to this

    Windows Defender likely would not have protected you from this to begin with unless it's older Ransomware. WD has about a 70% detection rate, so while it's not great, it's better than nothing. However there's nothing more dangerous than a false sense of security. I digress.

    Crypto ransomware can be defeated by following some of the IT best practices for the corporate world. What I mean by this is, bottom line, software like this can only modify the files that the infected account has rights to. So take your rights away.

    Least Privilege Principle - Anyone who is familiar with the Unix or Linux operating environments knows this mantra by heart: NEVER USE ROOT FOR EVERYDAY USE. Logging on as root to do your everyday computing is the worst idea when security is concerned. Microsoft, however, encourages this as user accounts are created as administrators by default. If you're logged in as an admin, any virus or malware that's infected you has the same rights you do. When setting Windows up for the first time, it's important to create an admin account, sure. With the admin account, create the account you're going to use for everyday stuff. Log out of admin, log into normal user account and never log back in as admin again. If Windows needs admin rights to do something, you will be prompted for the password of your admin account. If you start getting prompted for credentials for no reason, something is going on that you need to investigate.

    Keep essential files away from your main system - If you want to go the extra paranoid route, you can always keep an older, unused system on your network with all of your drives on it. On the older system, create an account with the exact same username/password as your admin account, and use SMB to access those drives across the network. The first time you hit those drives, it will force you to authenticate. Give your admin account read-only access from the other system. This will keep cryptoware from being able to affect those files.

    All of this sounds super convoluted, however in IT security, there is no such thing as a perfect balance between convenience and security.
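
The two measures described in the post above, as an added PowerShell example that is not part of the original thread: a check that the everyday account is not a local administrator, and a read-only SMB share on the storage machine. The function names, the share name, path and account in the commented call are placeholders chosen for this example.

```powershell
# Added example. Function names and the sample values at the bottom are placeholders.

function Test-AccountIsLocalAdmin {
    # Run on the everyday PC. True if the logged-on account is a direct member of
    # BUILTIN\Administrators (well-known SID S-1-5-32-544), even when the current
    # process is not elevated by UAC. Nested domain groups are not expanded.
    $me     = [Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544'
    return ($admins.SID.Value -contains $me)
}

function New-ReadOnlyShare {
    # Run elevated on the storage PC. Publishes $SharePath so that $Account can
    # read it over SMB but cannot write, rename or delete through the share.
    param(
        [Parameter(Mandatory)] [string] $ShareName,
        [Parameter(Mandatory)] [string] $SharePath,
        [Parameter(Mandatory)] [string] $Account
    )
    if (-not (Test-Path -LiteralPath $SharePath -PathType Container)) {
        throw "Folder not found: $SharePath"
    }
    # Share permissions and NTFS permissions are both evaluated and the more
    # restrictive one wins, so Read at the share level caps network access.
    New-SmbShare -Name $ShareName -Path $SharePath -ReadAccess $Account | Out-Null

    # Fail loudly if anything other than Read was granted on the share.
    $loose = Get-SmbShareAccess -Name $ShareName |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $_.AccessRight -ne 'Read' }
    if ($loose) {
        throw "Share $ShareName grants more than Read to: $($loose.AccountName -join ', ')"
    }
    Get-SmbShareAccess -Name $ShareName
}

if (Test-AccountIsLocalAdmin) {
    Write-Warning 'This account is a local administrator; use a standard account day to day.'
}
# Example call on the storage PC (constructed values):
# New-ReadOnlyShare -ShareName 'Archive' -SharePath 'D:\Archive' -Account "$env:COMPUTERNAME\riley"
```

The share only protects files from a process running on the everyday PC; anything executing on the storage machine itself still has whatever local NTFS rights its account holds.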

  3. #3

    Re: Cerber Ransomware

    Here's a perfect balance for you. Use your common sense when downloading stuff from the internet. Ransomware usually comes with cracked software, or otherwise illegally obtained software. Of course there is always the possibility that an official site is hacked and instead of the proper software you are provided with the infected one, but that's like 0.001% out of 100%.

    So overall no antivirus will save you from ransomware/trojans/malware, since most of them ask you to disable your antivirus anyways when installing your favorite cracked software. There is also a possibility of cracked OS itself to have it, triggering it later in time.

  4. #4
    Pagefault404

    Re: Cerber Ransomware

    Quote Originally Posted by Mucski
    "Use your common sense when downloading stuff from the internet. "


    This. So much this. Basically treat everything you download from the internet as infected and don't trust it. Nothing is ever free, even software. Malware is the price you pay.

  5. #5
    maiyawon

    Re: Cerber Ransomware

    Any type of ransomware can be blocked using a Firewall. Most people don't even use one nowadays. Windows Firewall Control would have told you the file requested internet access. If you clicked deny it wouldn't be able to contact the command and control server to send a symmetric key or receive a public key.

    And no, your router firewall is not enough, it only blocks inbound traffic, NOT OUTBOUND. (unless manually set up.)

  6. #6
    Pagefault404

    Re: Cerber Ransomware

    Windows Firewall does not block application outbound requests unless you go into local policy and set it to do so. OOB Windows Firewall permits outbound access.

    Source: https://www.grc.com/lt/leaktest.htm

    Download leaktest.exe and try it. An almost decade old application can STILL get around Windows Firewall.

    - - - Updated - - -

    This is a capture from my Windows 10 machine. OOBE Windows Firewall settings.

    "Outbound connections that do not match a rule are allowed"

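
The outbound default discussed in the post above can be read and changed from PowerShell as well as from local policy. This is an added example, not part of the original thread; the function names and the program path in the commented call are assumptions made for illustration.

```powershell
# Added example: audit and tighten the Windows Firewall outbound default.
# Run in an elevated PowerShell session.

function Get-OutboundDefault {
    # ActiveStore is the effective policy (local settings merged with Group Policy).
    Get-NetFirewallProfile -PolicyStore ActiveStore | ForEach-Object {
        [pscustomobject]@{
            Profile        = $_.Name
            Enabled        = $_.Enabled
            OutboundAction = $_.DefaultOutboundAction
            # Only an enabled profile whose default is Block stops unlisted programs.
            BlocksUnlisted = ("$($_.Enabled)" -eq 'True' -and
                              "$($_.DefaultOutboundAction)" -eq 'Block')
        }
    }
}

function Set-OutboundDefaultBlock {
    param(
        # Full paths of programs that must keep outbound access (hypothetical list).
        [string[]] $AllowedProgram = @()
    )
    # Create the allow rules first so these programs keep working after the flip.
    foreach ($exe in $AllowedProgram) {
        if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
            Write-Warning "Skipping missing program: $exe"
            continue
        }
        New-NetFirewallRule -DisplayName "Allow outbound: $(Split-Path $exe -Leaf)" `
            -Direction Outbound -Program $exe -Action Allow -Profile Any | Out-Null
    }
    # Outbound connections that match no rule are now dropped on every profile.
    Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultOutboundAction Block
}

Get-OutboundDefault | Format-Table -AutoSize
# Example (constructed path):
# Set-OutboundDefaultBlock -AllowedProgram 'C:\Program Files\Mozilla Firefox\firefox.exe'
# Get-OutboundDefault | Format-Table -AutoSize
```

Once the default is Block, any program without a matching allow rule loses network access, so build the allow list before switching and re-run `Get-OutboundDefault` to confirm `BlocksUnlisted` is true on every profile.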


