Cerber ransomware is by now familiar to most of us, and it keeps growing rapidly with each updated version. Its operators released three new versions this week, with some notable changes. Most recently, it was updated to version 5.0.1. With this release, the developers of the ransomware have proven that they cannot be stopped. It was detected in parallel with the latest Locky update, which uses the .zzzzz file extension.
First of all, Cerber 5.0 was spotted in early March and uses a different approach to informing System users that they have been infected. It includes a .vbs file with VBScript to compromise the machine. It adds the .CERBER extension to the System files it encrypts, which was observed as it scanned all accessible network shares for the encrypted files.
Spread through massive campaigns, Cerber has seen various upgrades since March, and the second major release was observed in early August. Cerber 5.0.1 was released with some changes over Cerber 5.0 and was spotted by the popular security researcher Bryan Campbell. The updated version of Cerber ransomware was estimated to generate $2.3 in annual revenue.
Security researchers observed Cerber 5.0 less than 24 hours after version 4.1.6 was released. Several hours later, an updated Cerber 5.0.1 was observed, which shows that the developers of this ransomware are very aggressive about updating their software.
According to BloodDolly, the changes made in Cerber 5.0 are as follows:
- The latest version now skips 640 bytes, compared to 512 bytes, when encrypting a file.
- The minimum file size is now 2,560 bytes, compared to 1,024 bytes in previous versions.
- Some changes in the IP ranges used to send the statistical UDP packets, such as 126.96.36.199/27, 188.8.131.52/27, 184.108.40.206/22.
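For defenders, the IP ranges in the last item can be turned into a flow-log check that shows which internal hosts sent UDP traffic into them. The sketch below is an added example, not code from the researchers quoted here; the flow-record layout, the sample records and the function name `flag_stat_traffic` are assumptions, and the ranges are used exactly as printed above.

```python
import ipaddress

# Ranges exactly as printed in the list above. The printed addresses have
# host bits set, so strict=False maps each one to its containing network.
CERBER_STAT_RANGES = [
    ipaddress.ip_network(cidr, strict=False)
    for cidr in ("126.96.36.199/27", "188.8.131.52/27", "184.108.40.206/22")
]

# Constructed sample records (assumed layout):
# timestamp src_ip dst_ip protocol dst_port
SAMPLE_FLOWS = """\
T1 10.0.0.15 126.96.36.200 udp 9999
T2 10.0.0.15 93.184.216.34 udp 53
T3 10.0.0.22 184.108.42.7 udp 9999
T4 10.0.0.22 188.8.131.40 tcp 443
T5 10.0.0.31 not-an-ip udp 9999
"""


def flag_stat_traffic(flow_text, ranges=CERBER_STAT_RANGES):
    """Return {src_ip: [dst_ip, ...]} for UDP flows whose destination
    falls inside one of the given networks."""
    hits = {}
    for line in flow_text.splitlines():
        fields = line.split()
        # Only well-formed UDP records are relevant to this check.
        if len(fields) != 5 or fields[3].lower() != "udp":
            continue
        try:
            dst = ipaddress.ip_address(fields[2])
        except ValueError:
            continue  # malformed destination; skip the record
        if any(dst in net for net in ranges):
            hits.setdefault(fields[1], set()).add(str(dst))
    return {src: sorted(dsts) for src, dsts in hits.items()}


if __name__ == "__main__":
    for src, dsts in flag_stat_traffic(SAMPLE_FLOWS).items():
        print(f"{src} sent UDP to listed range(s): {', '.join(dsts)}")
```
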
Cerber 5.0.1 ransomware is mainly distributed via exploit kits and spam emails, specifically the Rig-V exploit kit. Like the previous variant, it generates encrypted files using 4 random alphabetic letters. This ransomware continues to search for files and the databases related to them, and encrypts various file types and databases. After encrypting the files, it drops a ransom note on the desktop to inform System users about the infection, along with an interactive .hta file containing the information in various languages. Apart from these, the rest of the features are unchanged from the previous releases of Cerber ransomware.