Cerber ransomware now targets databases
Security company McAfee warns that the cybercriminals behind the Cerber ransomware have begun to target businesses as well as individuals by encrypting their databases until payment is received.
During July, those responsible for Cerber launched over 160 campaigns at 150,000 users. These attacks generated $195,000 in that month -- of which the developer behind the ransomware received $78,000. Overall it is estimated that creating and using ransomware to launch cyberattacks earns the creators of the malware and those who employ it in their attacks around $1 million to $2.5 million a year. The infosec firm Trustwave noted in 2015 that a ransomware creator could earn up to $84,000 a month just by selling their malware on the dark web.
According to the security strategist Matthew Rosenquist, cybercriminals will likely move on from individuals to businesses in an effort to earn even more from their attacks. Rosenquist offered further insight on the shift in how ransomware is being deployed, saying: "[Cerber] now attempts to stop database processes running on the target system so it can encrypt the data. This is a significant shift in focus from consumers to businesses, which typically run databases containing important operational data. When database files are open and in use by software, they cannot easily be encrypted".
This is not the first time that ransomware has been used to target businesses and a few attacks have occurred in the past where the databases and documents of large organizations were encrypted for exorbitant amounts. However, these cases were much smaller in scope and only targeted a limited number of organizations.
In order to stay alert regarding Cerber, Rosenquist recommends keeping an eye on databases that stop abruptly, as this may be an indication that Cerber has begun to encrypt the database.
Currently, there is no way to decrypt files that have been encrypted by Cerber so businesses and individuals should take extra precautions to avoid being infected with the malware.
Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.