Cerber, the talking ransomware that reads victims their ransom note, has evolved to do what researchers are calling a “never-before-seen trick” by generating new hashes every 15 seconds to defeat signature-based threat detection.
The trick, called a “hash factory” attack, is designed to defeat security solutions that rely on the identification of known malware hashes, according to a June 2 Invincea blog. It is carried out by the server that delivers the payload using a server-side “malware factory” to morph the ransomware's payload to generate the unique hashes, the blog said.
Cerber also now has the potential to be used as part of DDoS attacks. The ransomware was first detected earlier this year and encrypts victims' files using AES encryption before demanding a payment of $500 to unlock them.
Researchers spotted the Cerber being distributed via Neutrino and Angler Exploit Kits.