Ransomware Variant Eludes Detection Machine Learning Algorithms

By Marcos Colon

A variant of the Cerber ransomware has made itself much harder to detect by adopting a new technique that thwarts a popular detection mechanism.

Researchers at security firm Trend Micro have discovered that the variant can evade detection by machine learning solutions, according to a recent alert issued by the company.

Like other ransomware, this variant of Cerber is distributed via email. It differs from others in that it splits its stages across multiple files, sidestepping the way machine learning solutions operate.

“The industry has created features to proactively detect malicious files based on features instead of signatures,” wrote Gilbert Sison, team manager at Trend Micro. “The new packaging and loading mechanism employed by Cerber can cause problems for static machine learning approaches, i.e., methods that analyze a file without any execution or emulation.”
