
Check Point Researchers Unravel Complex Money Trail of ‘Cerber,’

August 2016 by Check Point

Check Point® Software Technologies
Ltd. published new findings on one of the largest
active ransomware-as-a-service franchises in the world, Cerber. The report offers an
unprecedented behind-the-scenes view into the complex cyber campaign, not only
shining a light on the growing ransomware-as-a-service industry, but revealing a
path researchers are now using to help individuals and businesses gain access to
their encrypted files – without paying the increasingly inflated ransoms of cyber
criminals.

In a 60-page report, Check Point’s Threat Intelligence and Research Team, along with
research partner IntSights Cyber Intelligence, identify new details and analysis on
Cerber’s technical and business operation, revealing:

· Among ransomware families, Cerber has a significantly higher infection rate and is
more profitable. Cerber is currently running more than 160 active campaigns across
the globe, with total annual projected revenue of approximately $2.3 million. Each
day eight new campaigns on average are launched; in July alone, the research
revealed approximately 150,000 victims affected in 201 countries and territories.

· Cerber affiliates have become successful money launderers. Cerber uses the
Bitcoin currency to evade tracing, and creates a unique wallet to receive funds from
each of its victims. Upon paying the ransom (usually one Bitcoin, which is currently
worth $590), the victim receives the decryption key. The Bitcoin is transferred to
the malware developer through a mixing service, which involves tens of thousands of
Bitcoin wallets, making it almost impossible to track them individually. At the end
of the process, the money reaches the developer, and the affiliates receive their
percentage.

· Cerber is opening the doors for more would-be hackers. Cerber enables
non-technical individuals and groups to take part in the highly profitable business
and run independent campaigns, using a set of assigned Command & Control (C&C)
servers and a convenient control panel available in 12 different languages.

Since June 2016, Check Point and IntSights have been charting a comprehensive map of
the complex system developed by Cerber, as well as its global distribution
infrastructure. Researchers were able to regenerate actual victim wallets, allowing
the team to monitor payments and transactions, and opening the door to track both
the revenue gained by the malware and the money flow itself. Further, this
information provided the blueprint for a decryption tool that could remedy infected
systems without individuals or businesses bending to cyber-criminal ransom demands.

“This research provides a rare look at the nature and global targets of the growing
ransomware-as-a-service industry,” said Maya Horowitz, group manager, Research &
Development, Check Point. “Cyber-attacks are no longer the sole essence of
nation-state actors and of those with the technical ability to author their own
tools; nowadays, they are offered to anyone and can be operated fairly easily. As a
result, this industry is growing extensively, and we should all take the proper
precautions and deploy relevant protections.”

For more information on the findings, the full report ‘CerberRing: An In-Depth
Exposé on Cerber Ransomware-as-a-Service’ can be found here:
http://www.checkpoint.com/resources/cerberring/. In addition, for the steps a
business or individual can take to decrypt a file infected with Cerber-based
malware, visit: http://cerberdecrypt.com.

Check Point’s Threat Intelligence & Research divisions regularly investigate
attacks, vulnerabilities and breaches, and develop protections to secure Check
Point’s customers.

