Cerber Ransomware: What You Need to Know

Cerber ransomware is a ransomware-as-a-service (RaaS) application that attacks your files by encrypting your important documents and database files. Learn how to protect your files from and keep your data safe.
Michael Buckbee
2 min read
Last updated April 4, 2022

What is Cerber?

Cerber ransomware is ransomware-as-a-service (RaaS), which means that the attacker licenses Cerber ransomware over the internet and splits the ransom with the developer. For a 40% cut of the ransom, you can sign-up as a Cerber affiliate and deliver all the Cerber ransomware you want. Most ransomware doesn’t use this service paradigm. Typically, an attacker would adapt and deliver the ransomware and keep all of the money. By setting up Cerber as RaaS the developer and partner are able to send more attacks with less work.

Cerber is an example of evolved ransomware technology. The author of the ransomware offloads the work of finding targets and infecting systems to a partner in exchange for a cut of the profit. The partner gets a highly functional piece of software they are free to distribute, and bitcoin keeps the exchanges all anonymous and difficult to track.

Get the Free Pen Testing Active Directory Environments EBook

“This really opened my eyes to AD security in a way defensive work never did.”

How Do You Recognize Cerber Ransomware?

If the screenshot looks like your desktop wallpaper, you’ve been infected with the Cerber ransomware.

How Do You Recognize Cerber Ransomware?

Of course, if you do see that screen, it might be too late to save your files. You can try to pay the ransom and hope they send you the decryption key, but many people don’t. Cerber and ransomware are things that fall under the “ounce of protection equals a pound of cure” paradigm. Your best bet is to avoid infection in the first place.

How Do You Remove Cerber Ransomware?

The best and most complete option to remove Cerber ransomware is to rebuild your operating system from a backup. If you have a recent backup, you’ll also be able to recover your encrypted files. As Ripley said, “Nuke it from orbit, it’s the only way to be sure.”

Current Anti-Virus programs can detect most ransomware including Cerber, and prevent it from running. Once Ransomware has started to encrypt your files, take the affected computer offline to prevent it from spreading to other computers or network drives.

One of Cerber’s particulalry nasty tricks is that it’s easy to wrap inside other delivery mechanisms. For example, you could download a rootkit that can disable your Anti-Virus before it downloads and activates Cerber. After an infection, you can remove the Cerber ransomware, but that doesn’t necessarily mean you removed the malware that delivered the ransomware to your computer.

No matter what you do with the ransomware itself, you aren’t going to be able to get the files decrypted. Cerber uses RSA encryption, and it’s not feasible to crack that encryption in a timely manner – even for the most sophisticated computer. Hopefully, you have a good recent backup of your important documents.

How Do You Prevent Cerber Ransomware?

Cyberthieves distribute ransomware by phishing email or infected websites. The best way to prevent Cerber (or any ransomware) attacks is by practicing good cybersecurity. Here are a few tips:

  • Don’t get phished.
  • Keep your Anti-Virus software updated.
  • Backup your documents regularly.

Varonis DatAlert provides immediate response to limit ransomware attacks in progress that threaten your most important data.

Six Cerber Ransomware Statistics

cerber ransomware statistics

  • At its peak in early 2017, Cerber accounted for 26% of all ransomware infections.
  • In July 2016, about 150,000 windows users were infected by Cerber through 161 identified campaigns.
  • Cerber generated $2.3 million (estimated for attackers in 2016).
  • Cerber developers released updates almost weekly, which kept the ransomware out in the world for longer than usual.
  • In the first half of 2018, ransomware infections have dropped by 42% and 50% for businesses and consumers, respectively.
  • There have been 0 reported Cerber ransomware attacks in 2018 as attackers move to newer ransomware like GandCrab, SamSam, and Spartacus.

Get a 1:1 demo to learn how to set up alerts to trigger on known ransomware variants like Cerber, recognize ransomware activity, and stop cyberattacks before it’s too late.

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

cyptmix-ransomware-claims-to-donate-your-ransom-payment-to-charity
CyptMix Ransomware Claims to Donate Your Ransom Payment to Charity
Unlike traditional ransomware notes that rely on fear-based tactics, a new ransomware strain called CyptMix preys on your generosity. Part of the ransom note reads: “Your money will be spent...
why-did-last-friday's-ransomware-infection-spread-globally-so-fast?
Why did last Friday's ransomware infection spread globally so fast?
Ransomware is a type of malware that encrypts your data and asks for you to pay a ransom to restore access to your files. Cyber criminals usually request that the...
a-brief-history-of-ransomware
A Brief History of Ransomware
Ransomware’s Early Days The first documented and purported example of ransomware was the 1989 AIDS Trojan, also known as PS Cyborg1. Harvard-trained evolutionary biologist Joseph L. Popp sent 20,000 infected...
planet-ransomware
Planet Ransomware
If you were expecting a quiet Friday in terms of cyberattacks, this ain’t it. There are reports of a massive ransomware attack affecting computers on a global scale: in the...