Researchers at Forcepoint have discovered an email campaign distributing double-zipped files containing Windows Script Files (WSFs) which, when executed, download the Cerber crypto-ransomware.
Cerber is a highly customisable crypto-ransomware that encrypts local files and demands a payment to decrypt them. It is believed to be sold under a ransomware-as-a-service model on Russian underground forums. This means there is no single malware author, but rather several actors distributing their own Cerber builds in different ways – some via exploit kits and others via email.
It has previously been seen distributed via exploit kits and over email using DOC files with macros, but this is the first time it has been seen distributed via WSFs.
Actors distributing malware over e-mail are constantly changing their techniques in order to bypass security solutions – it is important for us all to remain vigilant when opening e-mails, especially attachments and links that are contained within them.
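For mail-gateway or triage use, the check below unpacks ZIP attachments recursively and reports any .wsf member together with how many archive layers it sat behind. It is an added example, not code from Forcepoint; the function names, size and depth limits, and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

SCRIPT_EXTS = (".wsf",)               # the page names WSF; extend as policy requires
MAX_DEPTH = 3                         # assumed limit on nested archive layers
MAX_MEMBER_BYTES = 10 * 1024 * 1024   # assumed zip-bomb guard per member


def find_nested_scripts(data, depth=0, path=""):
    """Return [(member_path, zip_layers)] for script files inside nested ZIPs."""
    hits = []
    if depth >= MAX_DEPTH:
        return hits
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits
    with zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            name = path + info.filename
            if info.filename.lower().endswith(SCRIPT_EXTS):
                hits.append((name, depth + 1))   # name alone is enough to flag
                continue
            if info.flag_bits & 0x1:             # encrypted member: cannot inspect
                continue
            try:
                body = zf.read(info)
            except (zipfile.BadZipFile, NotImplementedError, RuntimeError):
                continue
            if zipfile.is_zipfile(io.BytesIO(body)):
                hits.extend(find_nested_scripts(body, depth + 1, name + "!"))
    return hits


def _zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


def build_sample():
    """Constructed, inert sample: a placeholder .wsf inside a ZIP inside a ZIP."""
    inner = _zip({"invoice.wsf": b"<job><!-- constructed placeholder --></job>"})
    return _zip({"invoice.zip": inner, "readme.txt": b"constructed"})


if __name__ == "__main__":
    for member, layers in find_nested_scripts(build_sample()):
        print(f"{member}: script behind {layers} ZIP layer(s)")
```

A result with two or more layers matches the double-zipped delivery described above; a scanner that inspects only the outer archive's file list would see just `invoice.zip` and `readme.txt`.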
For more information on this discovery visit the Forcepoint blog.