Cerber surpasses Locky to become dominant ransomware menace

Ransomware-as-a-Service is a hit with the tech illiterate

By John Leyden, 13 Apr 2017

Cerber eclipsed Locky as the most common ransomware pathogen doing the rounds in the first three months of 2017.

Cerber's share of the cybercrime market rose from 70 per cent in January to 87 per cent in March, according to the latest cybercrime tactics report by Malwarebytes Lab.

The success of Cerber is down to its features (robust encryption, offline encryption etc) combined with the adoption of a Ransomware-as-a-Service business model, whereby the ransomware can be modified or leased. "It's also very easy for non-technical criminals to get their hands on a customised version of the ransomware," Malwarebytes reports.

Malwarebytes' findings follow reports from Microsoft that Cerber was topping its Windows 10 ransomware chart.

By contrast, the Locky ransomware (last year's number one) has dropped off the map, likely due to a switch in tactics by the cybercrooks behind the Necurs spam botnet. No new versions of Locky have appeared throughout the year to date, Malwarebytes reports.

Looking beyond Windows, the Mac threat landscape saw a surge of new malware and backdoors in Q1 2017, including a new ransomware (FindZip). Elsewhere two Android nasties – HiddenAds.lck, which locks the device and prevents the removal of an ad-slinging nuisance, and Jisut, a mobile ransomware family – have been causing all sorts of problems, according to Malwarebytes.

The cybersecurity firm has built up a solid reputation for exposing the operations of tech support scammers. This form of fraud normally starts with a pop-up ad or phone call claiming that a prospective mark's machine is infected or underperforming. Once victims respond, the scammers use a variety of social engineering tricks to coax them into installing ineffective crudware or subscribing to worthless (or often damaging) services.

Tech support scammers, finding difficulty working with North American payment processors, have begun accepting alternate forms of payment, such as Apple gift cards and Bitcoin, it reports. Some scammer groups have started to scam each other. ®

The Register - Independent news and views for the tech sector. Part of Situation Publishing