Talking ransomware gets more bite, Cerber now has ‘hash factory’ and DDoS capabilities


Cerber, the talking ransomware that reads victims their ransom note, has evolved to do what researchers are calling a “never-before-seen trick” by generating new hashes every 15 seconds to defeat signature-based threat detection.

The trick, called a “hash factory” attack, is designed to defeat security solutions that rely on the identification of known malware hashes, according to a June 2 Invincea blog. It is carried out by the server that delivers the payload, which uses a server-side “malware factory” to morph the ransomware's payload and generate the unique hashes, the blog said.
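
A defender's view of the behaviour described above, as an added example that is not from Invincea or the original article: when a delivery server morphs the payload between requests, repeated downloads of one URL show many distinct hashes in a short window, and that churn can be flagged even though no single hash is known. The log format, hosts, hash placeholders, window and threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed download records: timestamp, URL, hash of the body that was served.
# Hosts, paths and hash values are placeholders, not real indicators.
SAMPLE_LOG = """\
2016-06-02T10:00:00 http://cdn.example.test/setup.exe hashA
2016-06-02T10:00:20 http://cdn.example.test/setup.exe hashA
2016-06-02T10:01:10 http://cdn.example.test/setup.exe hashA
2016-06-02T10:00:05 http://drop.example.test/p.exe h01
2016-06-02T10:00:21 http://drop.example.test/p.exe h02
2016-06-02T10:00:36 http://drop.example.test/p.exe h03
2016-06-02T10:00:52 http://drop.example.test/p.exe h04
2016-06-02T09:00:00 http://upd.example.test/agent.bin v1
2016-06-02T10:00:40 http://upd.example.test/agent.bin v2
"""


def parse(log):
    """Turn 'timestamp url hash' lines into (datetime, url, hash) tuples."""
    records = []
    for line in log.strip().splitlines():
        ts, url, digest = line.split()
        records.append((datetime.fromisoformat(ts), url, digest))
    return records


def find_hash_churn(records, window=timedelta(minutes=2), min_distinct=3):
    """Return URLs whose distinct-hash count in any sliding window meets the threshold."""
    by_url = defaultdict(list)
    for ts, url, digest in sorted(records):
        by_url[url].append((ts, digest))
    flagged = {}
    for url, events in by_url.items():
        best, start = 0, 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({d for _, d in events[start:end + 1]}))
        # One stable hash, or a single slow change, stays under the threshold.
        if best >= min_distinct:
            flagged[url] = best
    return flagged


if __name__ == "__main__":
    for url, count in find_hash_churn(parse(SAMPLE_LOG)).items():
        print(f"{url}: {count} distinct hashes within 2 minutes")
```
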

Cerber also now has the potential to be used as part of DDoS attacks. The ransomware was first detected earlier this year and encrypts victims' files using AES encryption before demanding a payment of $500 to unlock them.

Researchers spotted Cerber being distributed via the Neutrino and Angler exploit kits.