Cerber ransomware rakes in cash by recruiting unskilled hackers

Cerber's creators take 35 percent of the profit, and the rest goes to partners

A ransomware strain has been making a pretty penny by opening its doors to unskilled hackers. 

Security firm Check Point gained a rare look at the inner workings of the Cerber ransomware and found that its developers are building a network of partners to attack more targets -- and rake in more cash. 

Check Point also warned that because of Cerber, more unskilled cybercriminals might choose to participate in ransomware schemes. 

"Even the most novice hacker can easily reach out in closed forums to obtain an undetected ransomware variant," it said in a new report.

As a result, the Cerber strain could generate close to US$1 million a year for its creators, Check Point said in its report released Tuesday.

The company partnered with Israel-based IntSights to trace the Internet activity of the Cerber ransomware, which has been available for sale on the black market. They found that Cerber has become a slick online service that continually recruits partners willing to spread it.

Partners who sign up can earn as much as 65 percent from every Cerber campaign they launch. The rest goes to Cerber’s creators, who make the ransomware easy to use with a web interface.

To bring in new partners, the makers of Cerber have been advertising the service in underground forums. However, the ransomware has also been giving away clues on its operations. Every Cerber infection sends off data to a large number of IP addresses, making its activity easy to trace, according to Check Point.

The company managed to decode the data and discovered that Cerber had infected almost 150,000 computers across the globe in July alone.

Cerber tries to extract payment in bitcoin by encrypting the computer’s data, and holding it hostage. However, in an interesting finding, very rarely do the victims ever pay a ransom, Check Point said.

In July, only 0.3 percent of the victims did so -- a figure that doesn't seem very impressive.

But that was still probably enough to bring in $195,000 in total profit, which translated into a harvest of $78,000 for the makers of Cerber, according to Check Point’s estimates.

“From a yearly perspective, the ransomware author’s estimated profit is approximately $946,000,” the company added.

It’s still unclear who’s behind Cerber, although the ransomware hasn't infected computers located in Russia and other countries in Eastern Europe and Central Asia.

The highest number of Cerber infections have occurred in South Korea, while the U.S. ranks fourth, Check Point said. Infections commonly come through email attachments or by visiting a malicious website. 

For instance, Check Point found that one cyber criminal was spreading Cerber by sending legitimate-looking job applications through email. To protect themselves, users should be careful  when opening suspicious emails or internet links.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments

Cool Tech

Crucial Ballistix Elite 32GB Kit (4 x 8GB) DDR4-3000 UDIMM

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Family Friendly

Lexar® JumpDrive® S57 USB 3.0 flash drive 

Learn more >

Stocking Stuffer

Plox Star Wars Death Star Levitating Bluetooth Speaker

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?