Ransomware Strain Upgraded to Be Able to Bypass Anti-Virus Software

Media Division | February 22, 2017

The threat landscape is constantly evolving, changing, and upgrading. Cyber attackers are always looking for ways to develop new and better threats, as well as to upgrade existing ones to improve their ability to breach and compromise individuals and businesses. One of the oldest forms of ransomware, a strain called Cerber, has received a massive overhaul that has made it even more malicious.

How Cerber Functions

The previous version of Cerber would target and shut down antivirus and firewalls, which would leave systems defenseless. The new version of the ransomware instead keeps them running in the background but is capable of evading their detection, which means that at this time there is no capability to defend against this malicious ransomware. To put this into perspective, this malware has even been whitelisted by many known security solutions, and it is the first time this type of behavior has been noted. This allows the ransomware to encrypt the rest of the system while leaving the security software alone.

It is uncertain whether this strain is being actively employed or distributed by criminals at this time. However, it is only a matter of time before it begins to make its rounds all over the world. Other new approaches to ransomware have already become much more heavily employed than they used to be, such as strains that prevent restoring from backups because they can corrupt master boot records. This new strain shows ingenuity from threat developers, and its approach may become much more heavily employed in the development of threats.

Defending Your Organization With Cyber Threat Intelligence

With the way that threats rapidly grow and develop, it is critical that an organization be ahead of the game with cyber security. One small component of outdated security can be what allows a breach to cause massive amounts of damage. This is where cyber threat intelligence can help a business stay vigilant and proactive about its security. There are typically whispers and patterns of a threat detected around different parts of the web before it becomes prominent. Cyber threat intelligence systems can detect these indicators and relay alerts to organizations so that they can defend against these threats before they attack. Massive Alliance’s cyber threat intelligence systems can be the difference between your organization defending against a threat and becoming the victim of it.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.