1.    30 Mar 2017 #1

    Dangerous form of ransomware has just evolved to be harder to spot


    One of the most dangerous forms of ransomware has just evolved to be harder to spot

    Malicious loaders delivered by self-extracting Dropbox files enable payloads to bypass detection.
    Identified by Trend Micro, the new Cerber variant is, like most ransomware, delivered by a malicious phishing email. But rather than encouraging the victim to click on a link to download a file, these emails contain a link to Dropbox which downloads and self-extracts the Cerber payload.

    However, in order to evade detection and monitoring by cybersecurity researchers, this version of Cerber will check to see if it's running on a virtual machine, sandbox, or if certain products are running on the machine -- and if it spots any of these, it'll stop running. Why? Because it's in the best interests of the criminals behind it that their code doesn't get analysed.

    It's because of this that the actors behind Cerber have gone to the trouble of repackaging the delivery method and loader in order to get around cybersecurity products which can detect malicious files based on features instead of signatures.

    But by deploying a self-extracting mechanism, it's possible for the file to not look malicious, even to machine learning tools.
    One of the most dangerous forms of ransomware has just evolved to be harder to spot | ZDNet
  2.    31 Mar 2017 #2

    When the victim opens the attached Word document, the malicious macro writes a small piece of VBScript into memory and executes it. This VBScript executes PowerShell to connect to an attacker-controlled server and download the ransomware.
    Cerber: Analyzing a Ransomware Attack Methodology To Enable Protection | Threat Research Blog

    And all it takes to prevent it and the majority of malware is this (most users do not need WSH).
    Getting rid of PowerShell helps enormously too, but some users might find it bothersome.

    reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f

    The reason AV companies do not post details is so people would not know how easy it is to avoid without AV.
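The `reg add` line above writes only the machine-wide value. Windows Script Host also honours the same `Enabled` value under HKCU, and when the value is absent (the default) WSH is on, so an audit has to treat "key missing" as "enabled". The PowerShell below is an added example, not code from the post or from the vendors cited in the thread; it reports the current state of both keys and, with `-Harden`, sets both to 0. It assumes an elevated session (HKLM is not writable otherwise).

```powershell
# Added example: audit and harden Windows Script Host (both hives).
# Assumption: run from an elevated PowerShell prompt; -Harden is opt-in.
param([switch]$Harden)

$Paths = @(
    'HKLM:\Software\Microsoft\Windows Script Host\Settings',
    'HKCU:\Software\Microsoft\Windows Script Host\Settings'
)

function Get-WshState {
    param([string]$Path)
    # The Enabled value is absent by default, and absent means WSH is ON.
    $v = (Get-ItemProperty -Path $Path -Name Enabled -ErrorAction SilentlyContinue).Enabled
    if ($null -eq $v) { return 'enabled (value absent, default)' }
    if ($v -eq 0)     { return 'disabled' }
    return "enabled (value $v)"
}

foreach ($p in $Paths) {
    # The Settings key itself may not exist yet, especially under HKCU.
    if (-not (Test-Path $p)) { New-Item -Path $p -Force | Out-Null }
    Write-Host ("{0,-62} {1}" -f $p, (Get-WshState $p))

    if ($Harden) {
        # Same effect as the poster's reg add line, applied to this hive.
        New-ItemProperty -Path $p -Name Enabled -PropertyType DWord -Value 0 -Force | Out-Null
        Write-Host ("{0,-62} -> {1}" -f '', (Get-WshState $p))
    }
}
```

Check it took effect by double-clicking any `.vbs` file or running `cscript //nologo test.vbs`: with `Enabled` set to 0 you get the "Windows Script Host access is disabled on this machine" dialog instead of execution. Two caveats: this blocks the VBScript stage run through wscript.exe/cscript.exe, not the Word macro itself (VBA is not WSH) and not PowerShell, which the poster addresses separately; and a user with write access to HKCU can flip the per-user value back, so the HKLM value is the one that matters on a shared machine.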
  3.    02 Apr 2017 #3

    Hi there

    If a computer has this sort of problem -- DO NOT EVEN THINK about "repairing it in situ" - CLEAN RESTORE is the only 100% OK solution. Also registry hacks are a waste of time -- if some of this evil Ransomware is as sophisticated as it seems to be it will easily get round those "protections".

    1) Always have a CLEAN backup of your OS - No excuse not to - Free Macrium works very well indeed and can be booted off a USB.

    2) Backup OS regularly - preferably nightly and keep say 3 copies OFFLINE of course

    3) Keep OS+applications SEPARATE from your DATA (e.g. photos, music, videos, office documents etc)

    4) backup important data every so often

    5) If Ransomware rears its ugly head -- SWITCH OFF COMPUTER IMMEDIATELY -- Do not use shutdown etc --simply Hard power off.

    6) (optional) re-format OS partition (including system reserved one) HDD with a bootable program such as Windows Recovery Disc --

    7) Boot stand-alone Macrium and restore clean copy of OS.

    8) verify your data files

    Then have a nice stiff drink and make the appropriate - I believe it is the "2 fingered salute" - to those scumbags who think they are clever dishing out Ransomware. Your computer is now as good as new again !!!!

    Note -- to those who know Linux an excellent GUI for copying / comparing / verifying files etc is GRSYNC.
    I use this one almost exclusively for backing up DATA but that's another issue.

    Further note to anybody reading this thread -- I've posted (as others) almost AD NAUSEAM the importance of BACKUPS -- it hardly takes long these days to back up the OS and external HDDs are mega cheap too.

    THERE IS SIMPLY NO EXCUSE FOR NOT TAKING BACKUPS


    - and if people did take backups then 99% of the problems encountered in this section of the Forum would be avoided.

    Cheers
    jimbo
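Step 8 above ("verify your data files") is left to the reader. One concrete way to do it, as an added example that is not part of jimbo's post: take a SHA-256 manifest of the data tree when the offline backup is made, keep the manifest on the offline medium, and after a clean restore compare the tree against it. Files a ransomware run has encrypted in place show up as "modified"; files it renamed with a new extension show up as "missing" plus "unexpected". Paths in the usage lines are placeholders.

```powershell
# Added example: hash manifest for data files, created before backup and
# checked after restore. Assumption: the manifest lives on the OFFLINE backup
# medium, so a compromised machine cannot rewrite it to hide changes.

function New-HashManifest {
    param([string]$Root, [string]$Manifest)
    $base = $Root.TrimEnd('\')
    Get-ChildItem -Path $base -File -Recurse |
        ForEach-Object {
            # Store paths relative to $Root so the manifest works after a
            # restore to a different drive letter.
            $rel = $_.FullName.Substring($base.Length + 1)
            [pscustomobject]@{
                Path = $rel
                Hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        } | Export-Csv -Path $Manifest -NoTypeInformation
}

function Test-HashManifest {
    param([string]$Root, [string]$Manifest)
    $base     = $Root.TrimEnd('\')
    $expected = @{}
    Import-Csv -Path $Manifest | ForEach-Object { $expected[$_.Path] = $_.Hash }

    $seen = @{}
    $bad  = @()
    Get-ChildItem -Path $base -File -Recurse | ForEach-Object {
        $rel = $_.FullName.Substring($base.Length + 1)
        $seen[$rel] = $true
        if (-not $expected.ContainsKey($rel)) { $bad += "unexpected: $rel"; return }
        $h = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        if ($h -ne $expected[$rel]) { $bad += "modified: $rel" }
    }
    # Anything in the manifest that is no longer on disk (deleted or renamed).
    foreach ($k in $expected.Keys) {
        if (-not $seen.ContainsKey($k)) { $bad += "missing: $k" }
    }
    return $bad
}

# Usage (placeholder paths):
#   New-HashManifest  -Root 'D:\Data' -Manifest 'E:\Offline\data-manifest.csv'
#   ... later, after the clean restore ...
#   $problems = Test-HashManifest -Root 'D:\Data' -Manifest 'E:\Offline\data-manifest.csv'
#   if ($problems) { $problems } else { 'all files match manifest' }
```

An empty result from `Test-HashManifest` means every file is byte-identical to what was backed up; any "modified" line on a file you did not knowingly edit is the signal to restore that file from the offline copy rather than trust the live one. The same manifest is also a quick way to confirm a Macrium data restore actually completed, since a partial restore shows up as a list of "missing" entries.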
