Cerber Bitcoin Ransomware Creators Use Dridex Spam Provider

The topic of Bitcoin ransomware has been touched upon multiple times over the past few months, but it appears as if Cerber ransomware attacks are on the rise once again. By sending spam email messages through the same infrastructure used by Dridex banking malware, it looks like this threat is far from over.

Cerber Ransomware Threat Looms Overhead

What sets Cerber ransomware apart from other offerings is how the software package uses text-to-speech when “talking” about the ransom note to infected victims. Even though this threat showed up not too long ago, it looks like a new wave of attacks is imminent. Consumers and enterprises are advised to take the necessary precautions.

It appears as if the people behind Cerber have partnered with the same spam distributor used to spread the Dridex banking malware throughout the world. This indicates Cerber is on the cusp of becoming a major globals threat in the coming months, and it could take on a scale of infection similar to what we have seen with Locky.

Dridex malware has been making a name for itself as well, as the code is designed to obtain sensitive financial credentials. The majority of these malware attacks stem forth from massive spam campaigns targeted financial corporations, with several millions of messages crossing the World Wide Web on a daily basis. Now that Cerber seems to be following the same path, it is impossible to tell what the consequences may be.

Spreading through malicious email attachments – disguised as an invoice – is nothing new in the cyber security world, yet it is still one of the most effective ways to infect as many computers as possible. One a computer has been infected; the tool detects if an Internet connection is present to download the ransomware itself.

Businesses and consumers need to ensure they have a backup of their sensitive data at all times, as that is the only way to prevent [major] data loss. But there is even more cause for concern now that Cerber seems to be install spambot modules on infected computers as well. Getting rid of this nasty software should be the primary goal for everyone dealing with this code at some point.

Source: Threatpost

Images credit 1,2

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.