There is no doubt that ransomware is the newest gimmick of cybercriminals, with its adoption rates soaring over time. With this in mind, cybersecurity researchers at Check Point Software, together with IntSights Cyber Intelligence, have recently released a new analysis report on the Cerber ransomware, covering trends in its campaigns as well as the burgeoning ransomware-as-a-service business.
The 60-page report, entitled 'CerberRing: An In-depth exposé on Cerber ransomware-as-a-service', found that at least eight new ransomware campaigns are released every day, and that these have successfully infected 150,000 victims in 201 countries in the past month. From this, cybercriminals reportedly earn at least $195,000 in profit, with the authors keeping 40%, or $78,000. On a yearly basis, the author of the ransomware is likely to earn approximately $946,000.
The cybercriminals earn this much money even though only 0.3% of victims were recorded as choosing to pay the ransom of 1 BTC, equal to $590 today.
The highest numbers of infections and payments were reportedly recorded in South Korea, while the United States ranks second among the countries where victims paid to have their files decrypted. Other countries that made the list are Taiwan, China, Pakistan, Hong Kong, Israel, and Italy.
The Cerber ransomware was discovered in early 2016. While it does a ransomware's typical job of encrypting the files and asking for payment, it also plays on the victim's fears by 'speaking' to them. The crypto-malware drops a .VBS file onto the victim's computer once the encryption process is done. When opened, it activates a sound clip reading the ransom note.
Furthermore, using a set of assigned Command and Control (C&C) servers, together with a control panel available in 12 languages, Cerber allows almost anyone to take part in the campaign, and earn from it, much like Petya and Mischa ransomware's affiliate programs.
Ransomware like Cerber uses the Bitcoin currency in order to avoid detection and tracing. It generates a unique Bitcoin wallet in which the operators receive the funds from the victim. Once paid, the money is transferred to a mixing service, which includes thousands of other Bitcoin wallets, making it impossible for the transaction to be traced. The incoming funds are then divided between the developer, who gets 40%, and the affiliates, who split 60%.
The research emphasizes how easy it is becoming for almost anyone to become a ransomware distributor. It states:
"The highly profitable business of ransomware is no longer reserved only for skilled attackers. Even the most novice hacker can easily reach out in closed forums to obtain an undetected ransomware variant and the designated set of command and control (C&C) infrastructure servers required to easily manage a successful ransomware campaign."
Lastly, the report also notes that Cerber seems to have originated in Russia, as some of its advertisements appeared in the Russian language. In addition, the researchers found that the crypto-malware does not infect targets in the countries of Armenia, Azerbaijan, Belarus, Georgia, Kyrgyzstan, Kazakhstan, Moldova, Russia, Turkmenistan, Tajikistan, Ukraine and Uzbekistan. This move reputedly allows the ransomware developers to avoid legal consequences that could come from the aforementioned countries.
In light of these discoveries, we advise our readers, as usual, to be careful with their activities on the internet in order to avoid getting infected with such malware in the future.