Ransomware-as-a-service isn't new, and it speaks volumes about just how sophisticated the cybercriminal operations behind it have become — they run like businesses. But a ransomware called Cerber takes this idea to a new level, as it operates more like a franchise. We spoke to a CheckPoint security expert about the Cerber ransomware.
Security vendor CheckPoint recently ran an investigation on Cerber to get a complete picture of the ransomware's activities. So far, the vendor has found Cerber running 161 active campaigns and launching eight new ones on a daily basis. It has successfully infected around 150,000 users worldwide.
Speaking with Lifehacker Australia, CheckPoint security engineer Raymond Shippers said what sets Cerber apart is that it is highly organised in terms of the way it spreads and how the money is distributed. The extent and scale of the ransomware campaigns are also noteworthy.
"It uses affiliate programs, kind of like a franchise," he said. "People can just sign up for Cerber and run it as a service. No technical skills or abilities are required to start spreading it and get money from it. You can do it even if you're just one person with no technical skills."
Ransom is paid through Bitcoin, and the cybercriminals managing Cerber use Bitcoin mixing services to prevent the funds from being tracked. But because CheckPoint taps into the ransomware's command and control (C&C) communication, it is able to see how much money has been paid and what ransoms are demanded.
While the franchise ransomware-as-a-service model that Cerber uses makes the ransomware easier to spread, it has some drawbacks. For one, just as in a franchise, the profits made from the ransomware are shared: approximately 60 per cent ends up with Cerber's affiliates.
CheckPoint released a decryptor for victims of Cerber, but the cybercriminal ring behind the ransomware has already figured out how to bypass it. The vendor is now working on an update to the decryptor.
If you're worried about falling prey to ransomware, we have some tips on how to avoid it.
You can learn more about Cerber in CheckPoint's report.