Researchers at Forcepoint have discovered an email campaign distributing double-zipped files containing Windows Script Files (WSFs) which, when executed, download the Cerber crypto-ransomware.
Cerber is a highly customisable crypto-ransomware that encrypts local files and demands a payment to decrypt them. It is believed to be sold under a ransomware-as-a-service model on Russian underground forums. This means there is no single malware author, but rather several actors distributing their own Cerber builds in different ways – some via exploit kits and others via email.
It has previously been seen distributed via exploit kits and over email using DOC files with macros, but this is the first time it has been seen distributed via WSFs.
Actors distributing malware over e-mail are constantly changing their techniques in order to bypass security solutions – it is important for us all to remain vigilant when opening e-mails, especially attachments and links that are contained within them.
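As an added illustration (not code from Forcepoint or from this article), a mail-gateway style check can unpack attachments recursively and flag script files that sit inside a nested archive, the double-zipped WSF structure described above. The extension list beyond WSF, the depth limit, the verdict strings and the sample file names are assumptions made for the example.

```python
import io
import os
import zipfile

# Extensions treated as script files (assumed policy list; the article names only WSF).
SCRIPT_EXTS = {".wsf", ".wsh", ".js", ".jse", ".vbs", ".vbe"}
MAX_DEPTH = 4  # assumed limit so deeply nested archives cannot exhaust the scanner


def find_scripts(data, depth=0, path=""):
    """Return [(nested_path, zip_layers)] for script files in a ZIP, descending into inner ZIPs."""
    hits = []
    if depth >= MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return hits
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            full = f"{path}/{info.filename}" if path else info.filename
            if os.path.splitext(info.filename)[1].lower() in SCRIPT_EXTS:
                hits.append((full, depth + 1))  # depth + 1 = ZIP layers wrapping the file
                continue
            try:
                inner = zf.read(info)
            except (RuntimeError, zipfile.BadZipFile):
                continue  # encrypted, unsupported or corrupt member: cannot inspect
            hits.extend(find_scripts(inner, depth + 1, full))
    return hits


def verdict(data):
    """Map findings to a hypothetical gateway action."""
    hits = find_scripts(data)
    if any(layers >= 2 for _, layers in hits):
        return "block: script inside nested archive"
    return "review: script in archive" if hits else "pass"


def _make_zip(members):
    """Build an in-memory ZIP from {name: content} for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: harmless placeholder content, names invented for the example.
INNER = _make_zip({"invoice.wsf": "<job><!-- constructed placeholder --></job>"})
SAMPLE_DOUBLE = _make_zip({"invoice.zip": INNER})
SAMPLE_BENIGN = _make_zip({"notes.txt": "hello"})
```

Members that cannot be read (for example password-protected ones) are skipped here; a production filter would normally treat those as uninspectable and handle them under a separate policy.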
For more information on this discovery visit the Forcepoint blog.