Cerber Is A Ransomware That Is Run Like A Franchise

Ransomware-as-a-service isn’t new and speaks volumes about just how sophisticated the cybercriminal operations behind them have become — they run like businesses. But a ransomware called Cerber takes this idea to a new level as it operates more like a franchise. We spoke to a CheckPoint security expert about the Cerber ransomware.

Security vendor CheckPoint recently ran an investigation on Cerber to get a complete picture of the ransomware’s activities. So far, the vendor has found Cerber running 161 active campaigns and launching eight new ones on a daily basis. It has successfully infected around 150,000 users worldwide. [related title=”More Stories on Ransomware” tag=”ransomware” items=”5″]

Speaking with Lifehacker Australia, CheckPoint security engineer Raymond Shippers said what sets Cerber apart is that it is highly organised in terms of the way it spreads and how the money is distributed. The extent and scale of the ransomware campaigns are also noteworthy.

“It uses affiliate programs, kind of like a franchise,” he said. “People can just sign up for Cerber and run it as a service. No technical skills or abilities are required to start spreading it and get money from it. You can do it even if you’re just one person with no technical skills.”

Ransom is paid through Bitcoin and the cybercriminals managing Cerber uses Bitcoin mixing services to avoid the funds being tracked. But since CheckPoint taps into command and control (CNC) communication of the ransomware, it is able to look at how much money has been paid up and the ransoms that are demanded.

While this franchise ransomware-as-a-service model that Cerber uses makes the ransomawre easier to spread, there are some drawbacks. For one, just like a franchise, the profits made from the ransomware is shared; approximately 60 per cent ends up with Ceber’s affiliates.

CheckPoint had released a decryptor for victims of Cerber, but the cybercriminal ring behind the ransomware has already figured out how to bypass it. The vendor is now working on an update for the decryptor.

If you’re worried about falling prey to ransomware, we have some tips on how to avoid it.

You can learn more about Cerber in CheckPoint’s report.


The Cheapest NBN 50 Plans

Here are the cheapest plans available for Australia’s most popular NBN speed tier.

At Lifehacker, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.

Comments