Update Variant of Cerber Ransomware Capable of Bypassing Antivirus Files

It was only a matter of time until a new ransomware threat would make its appearance. Cerber, one of the longest-running strains of ransomware known to date, has received some massive upgrades which pose a legitimate security threat. The latest version is able to bypass antivirus security and firewalls, which leaves billions of internet-connected devices vulnerable to attack. For the time being, security researchers are working on a solution.

New Cerber Version Can Cause Big Problems

Any time a ransomware strain is upgraded to a new version, security researchers are legitimately concerned over what the future may bring. For Cerber, that future is looking bright, albeit its success will come at the cost of consumer security. Trend Micro analysts discovered the new Cerber variant this week. Albeit it is not the first iteration of this malware over the past few years, this version has a lot of people concerned for several reasons.

Unlike previous versions of this popular ransomware, the new Cerber sample does not interfere with firewall or antivirus activities. Previous versions would shut down one’s antivirus and firewall, rendering the system defenseless. The latest version will keep existing security solutions running in the background while being capable of evading detection at the same time. That is a rather disturbing development, as it means there is no course of action to defend against this new type of ransomware right now.

To put this new development into perspective, the updated Cerber ransomware has whitelisted a lot of popular security solutions. It is the first time this type of behavior is recorded by security experts, which could set a very dangerous precedent for other types of malware moving forward. It is also important to note antivirus and firewall tools will not have their files encrypted while the malware spreads, whereas the rest of the computer will still be affected.

Security researchers are trying to figure out why this change was introduced, albeit it seems there is a logical explanation for this type of behavior. Antivirus tools immediately flag any activity that affects files in their installation directories. Even if a user adds a file by copying it to the wrong folder by accident, the antiviral solution will get “triggered”. Cerber developers have found a way to bypass this problem in its entirety.

Malware developers continue to come up with new features and tools that make their creations even more dangerous than before. Ransomware is annoying enough to deal with already, due to its encryption of files and demand a payment tor restore file access. Quite a few different malware types do not even allow users to restore access to their computer by using a backup, due to master boot records being corrupted.

It is unclear if the new Cerber ransomware strain is actively distributed by criminals right now. Rest assured this new type of malware will make its way to computers and networks all over the world. Moreover, it would not be surprising to see other types of ransomware use a similar approach to avoid triggering existing security software solutions.  

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

Leave a Reply