Dangerous form of ransomware has just evolved to be harder to spot Solved

  1. Borg 386
    Posts : 22,004
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       30 Mar 2017 #1

    One of the most dangerous forms of ransomware has just evolved to be harder to spot

    Malicious loaders delivered by self-extracting Dropbox files enable payloads to bypass detection.
    Identified by Trend Micro, the new Cerber variant is, like most ransomware, delivered by a malicious phishing email. But rather than encouraging the victim to click on a link to download a file, these emails contain a link to Dropbox which downloads and self-extracts the Cerber payload.

    However, in order to evade detection and monitoring by cybersecurity researchers, this version of Cerber will check to see if it's running on a virtual machine, sandbox, or if certain products are running on the machine -- and if it spots any of these, it'll stop running. Why? Because it's in the best interests of the criminals behind it that their code doesn't get analysed.

    It's because of this that the actors behind Cerber have gone to the trouble of repackaging the delivery method and loader in order to get around cybersecurity products which can detect malicious files based on features instead of signatures.

    But by deploying a self-extracting mechanism, it's possible for the file to not look malicious, even to machine learning tools.
    One of the most dangerous forms of ransomware has just evolved to be harder to spot | ZDNet
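    The article's point is that feature- and signature-based scanning of the delivered file can be evaded by repackaging, which is why defenders also watch process behaviour. The following is an added example, not code from the thread or from the ZDNet or Trend Micro material: it walks constructed process-creation records (field names mimic Sysmon Event ID 1 / Security 4688, the record values are made up) and flags PowerShell launched underneath a script host such as wscript.exe, rating it higher when an Office application sits further up the chain. The function and variable names are this example's own.

```powershell
# Added example: flag Office -> script host -> PowerShell process chains in
# process-creation telemetry. Records below are constructed; in production you
# would build them from Get-WinEvent output and pass them to Find-ScriptHostChains.

$ScriptHosts = @('wscript.exe', 'cscript.exe', 'mshta.exe')
$OfficeApps  = @('winword.exe', 'excel.exe', 'powerpnt.exe', 'outlook.exe')

function Get-ImageName([string]$Path) {
    # Normalise a full image path to a lower-case file name for comparison.
    return ([System.IO.Path]::GetFileName($Path)).ToLowerInvariant()
}

function Find-ScriptHostChains {
    param([Parameter(Mandatory)][object[]]$Events)

    # Index events by PID so the ancestry of any process can be walked upward.
    $byPid = @{}
    foreach ($e in $Events) { $byPid[[int]$e.ProcessId] = $e }

    $findings = @()
    foreach ($e in $Events) {
        if ((Get-ImageName $e.Image) -notin @('powershell.exe', 'pwsh.exe')) { continue }

        # Collect the chain child-first, bounded so a PID reuse loop cannot hang us.
        $chain = @(Get-ImageName $e.Image)
        $cur = $e; $depth = 0
        while ($byPid.ContainsKey([int]$cur.ParentProcessId) -and $depth -lt 10) {
            $cur = $byPid[[int]$cur.ParentProcessId]
            $chain += Get-ImageName $cur.Image
            $depth++
        }

        $viaScriptHost = @($chain | Where-Object { $_ -in $ScriptHosts }).Count -gt 0
        $fromOffice    = @($chain | Where-Object { $_ -in $OfficeApps }).Count -gt 0
        if (-not $viaScriptHost) { continue }

        $severity = 'Medium'
        if ($fromOffice) { $severity = 'High' }
        $findings += [pscustomobject]@{
            Pid         = $e.ProcessId
            Severity    = $severity
            Chain       = ($chain[($chain.Count - 1)..0] -join ' -> ')   # root first
            CommandLine = $e.CommandLine
        }
    }
    return $findings
}

# Constructed sample: one malicious-looking chain and one benign interactive shell.
$SampleEvents = @(
    [pscustomobject]@{ ProcessId = 1000; ParentProcessId = 500;  Image = 'C:\Windows\explorer.exe'; CommandLine = 'explorer.exe' }
    [pscustomobject]@{ ProcessId = 2000; ParentProcessId = 1000; Image = 'C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'; CommandLine = '"WINWORD.EXE" /n invoice.doc' }
    [pscustomobject]@{ ProcessId = 2100; ParentProcessId = 2000; Image = 'C:\Windows\System32\wscript.exe'; CommandLine = 'wscript.exe C:\Users\u\AppData\Local\Temp\x.vbs' }
    [pscustomobject]@{ ProcessId = 2200; ParentProcessId = 2100; Image = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'; CommandLine = 'powershell.exe -w hidden -nop -c "<placeholder>"' }
    [pscustomobject]@{ ProcessId = 3000; ParentProcessId = 1000; Image = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'; CommandLine = 'powershell.exe' }
)

Find-ScriptHostChains -Events $SampleEvents | Format-Table -AutoSize
# Expected: one High finding for PID 2200 with chain
# explorer.exe -> winword.exe -> wscript.exe -> powershell.exe; PID 3000 is not reported.
```

    The rule keys on lineage rather than on the file that was delivered, so it is indifferent to how the loader was packaged; the trade-off is that it depends on process-creation auditing with command lines being enabled on the endpoint.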

  2. TairikuOkami's Avatar
    Posts : 3,479
    Home 1809 x64 10.0.17763.165
       31 Mar 2017 #2

    When the victim opens the attached Word document, the malicious macro writes a small piece of VBScript into memory and executes it. This VBScript executes PowerShell to connect to an attacker-controlled server and download the ransomware.
    Cerber: Analyzing a Ransomware Attack Methodology To Enable Protection Threat Research Blog

    And all it takes to prevent it and the majority of malware is this (most users do not need WSH).
    Getting rid of powershell helps enormously too, but some users might find it bothersome.

    reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f

    The reason AV companies do not post details is so people would not know how easy it is to avoid without AV.
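    The reg.exe command in the post above writes the machine-wide setting but gives no way to confirm the result. The following is an added example, not the poster's own code: it reads the Windows Script Host "Enabled" value from both the HKLM and HKCU locations that the script host honours, reports each, and can set either one. Function names and the elevation check are this example's own; which location wins when both are set is not asserted here, which is why both are reported.

```powershell
# Added example: audit and set the Windows Script Host "Enabled" DWORD in the
# machine-wide and per-user registry locations used by wscript.exe/cscript.exe.

$WshPaths = @(
    'HKLM:\Software\Microsoft\Windows Script Host\Settings',
    'HKCU:\Software\Microsoft\Windows Script Host\Settings'
)

function Get-WshStatus {
    # One row per location; a missing value means WSH is at its default (enabled).
    foreach ($path in $WshPaths) {
        $value = $null
        if (Test-Path $path) {
            $value = (Get-ItemProperty -Path $path -Name Enabled -ErrorAction SilentlyContinue).Enabled
        }
        $state = 'enabled'
        if ($null -eq $value)  { $state = 'default (enabled)' }
        elseif ($value -eq 0)  { $state = 'disabled' }
        [pscustomobject]@{ Path = $path; Enabled = $value; State = $state }
    }
}

function Set-WshEnabled {
    param(
        [Parameter(Mandatory)][bool]$Enabled,
        [ValidateSet('Machine', 'User')][string]$Scope = 'Machine'
    )
    $path = $WshPaths[1]
    if ($Scope -eq 'Machine') {
        $path = $WshPaths[0]
        # HKLM writes need an elevated session; fail early with a clear message.
        $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
        $principal = [Security.Principal.WindowsPrincipal]$identity
        if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
            throw 'Writing the HKLM setting requires an elevated PowerShell session.'
        }
    }
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    # [int]$true is 1, [int]$false is 0, matching the reg add /d "0" form above.
    New-ItemProperty -Path $path -Name Enabled -PropertyType DWord -Value ([int]$Enabled) -Force | Out-Null
    Get-WshStatus | Where-Object Path -eq $path
}

# Usage:
Get-WshStatus | Format-Table -AutoSize
# Set-WshEnabled -Enabled $false              # disable machine-wide, same effect as the reg add above
# Set-WshEnabled -Enabled $true -Scope User   # re-enable for the current user only
```

    Run Get-WshStatus again after any change and after software installs; an installer or policy that recreates the per-user key can silently re-enable script execution for that account.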

  3.    02 Apr 2017 #3

    Hi there

    If a computer has this sort of problem -- DO NOT EVEN THINK about "repairing it in situ" - CLEAN RESTORE is the only 100% OK solution. Also registry hacks are a waste of time --if some of this evil Ransomware is as sophisticated as it seems to be it will easily get round those "protections".

    1) Always have a CLEAN backup of your OS - No excuse not to - Free Macrium works very well indeed and can be booted off a USB.

    2) Backup OS regularly - preferably nightly and keep say 3 copies OFFLINE of course

    3) Keep OS+applications SEPARATE from your DATA (e.g. photos, music, videos, office documents etc)

    4) backup important data every so often

    5) If Ransomware rears its ugly head -- SWITCH OFF COMPUTER IMMEDIATELY -- Do not use shutdown etc --simply Hard power off.

    6) (optional) re-format OS partition (including system reserved one) HDD with a bootable program such as Windows Recovery Disc --

    7) Boot stand alone Macrium and restore clean copy of OS.

    8) verify your data files

    Then have a nice stiff drink and make the appropriate - I believe it is the "2 fingered salute" - to those scumbags who think they are clever dishing out Ransomware. Your computer is now as good as new again !!!!

    Note -- to those who know Linux an excellent GUI for copying / comparing / verifying files etc is GRSYNC.
    I use this one almost exclusively for backing up DATA but that's another issue.

    Further note to anybody reading this thread -- I've posted (as others) almost AD NAUSEAM the importance of BACKUPS -- it hardly takes long these days to back up the OS and external HDDs are mega cheap too.

    - and if people did take backups then 99% of the problems encountered in this section of the Forum would be avoided.
