Updated: A team of Check Point researchers has tracked two large waves of attacks using Cerber ransomware in the last few months, with more spikes in the number of incidents expected.
While Cerber has been steadily used since earlier this year, two spikes took place between April 4-18 and then again between May 17-30, Check Point reported. In each case the majority of attacks hit targets in the United States, 41 percent; Turkey, 15 percent; and the U.K., nine percent. Seven other nations also experienced an uptick in the number of attacks during these two periods, but at a much lower rate.
"We have no doubt that we will continue to see spikes in Cerber's activity," the report stated.
Check Point estimates the number of attacks that have taken place at about 600.
The research firm also detailed its reasoning for why the attacks took place in waves.
“It allows the attackers to control their operation closely for a short period of time, without the need for constant management, which can require large resources. Second, striking in waves enables the attackers to make necessary code changes, improving their malware and evasion techniques between bursts. Since static security solutions focus on signatures of the malware, attackers can morph their malware until it is unrecognized by these signatures, rendering them useless. Lastly, this pattern can also be caused by changes in the distribution infrastructure,” Gadi Naveh, a threat prevention researcher with Check Point, told SCMagazine.com via email.
One change that does coincide with these events: Cerber has recently been spotted being advertised as ransomware-as-a-service on several Russian dark web forums.
Updated with Check Point's estimate on the number of attacks.