Menu
Cerber ransomware rakes in cash by recruiting unskilled hackers

Cerber ransomware rakes in cash by recruiting unskilled hackers

Cerber's creators take 35 percent of the profit, and the rest goes to partners

A ransomware strain has been making a pretty penny by opening its doors to unskilled hackers. 

Security firm Check Point gained a rare look at the inner workings of the Cerber ransomware and found that its developers are building a network of partners to attack more targets -- and rake in more cash. 

Check Point also warned that because of Cerber, more unskilled cybercriminals might choose to participate in ransomware schemes. 

"Even the most novice hacker can easily reach out in closed forums to obtain an undetected ransomware variant," it said in a new report.

As a result, the Cerber strain could generate close to US$1 million a year for its creators, Check Point said in its report released Tuesday.

The company partnered with Israel-based IntSights to trace the Internet activity of the Cerber ransomware, which has been available for sale on the black market. They found that Cerber has become a slick online service that continually recruits partners willing to spread it.

Partners who sign up can earn as much as 65 percent from every Cerber campaign they launch. The rest goes to Cerber’s creators, who make the ransomware easy to use with a web interface.

To bring in new partners, the makers of Cerber have been advertising the service in underground forums. However, the ransomware has also been giving away clues on its operations. Every Cerber infection sends off data to a large number of IP addresses, making its activity easy to trace, according to Check Point.

The company managed to decode the data and discovered that Cerber had infected almost 150,000 computers across the globe in July alone.

Cerber tries to extract payment in bitcoin by encrypting the computer’s data, and holding it hostage. However, in an interesting finding, very rarely do the victims ever pay a ransom, Check Point said.

In July, only 0.3 percent of the victims did so -- a figure that doesn't seem very impressive.

But that was still probably enough to bring in $195,000 in total profit, which translated into a harvest of $78,000 for the makers of Cerber, according to Check Point’s estimates.

“From a yearly perspective, the ransomware author’s estimated profit is approximately $946,000,” the company added.

It’s still unclear who’s behind Cerber, although the ransomware hasn't infected computers located in Russia and other countries in Eastern Europe and Central Asia.

The highest number of Cerber infections have occurred in South Korea, while the U.S. ranks fourth, Check Point said. Infections commonly come through email attachments or by visiting a malicious website. 

For instance, Check Point found that one cyber criminal was spreading Cerber by sending legitimate-looking job applications through email. To protect themselves, users should be careful  when opening suspicious emails or internet links.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Show Comments