
First identified back in March, Cerber ransomware made headlines again recently after reportedly targeting Microsoft Office 365 users through a large-scale zero-day attack.

Outside estimates say the email was sent to millions of Office 365 users and that it took Microsoft more than 24 hours to block. Microsoft responded through a spokesperson, telling SC Magazine that Office 365 malware protection identified the threat and was updated within hours and that only a small number of users were targeted.

Cerber is still a serious threat, though, and MSPs need to know how to protect their SMB customers from this ransomware strain that appears to be on the rise.

How Cerber ransomware works

According to The Hacker News, the ransomware is spread by phishing emails with malicious files attached, and it is activated when the recipient enables macros. Once Cerber infects a system, it encrypts files with certain extensions using AES-256 encryption, encrypts the file name, and adds the .CERBER extension to it. It then asks users to pay a ransom of 1.24 bitcoins, which is currently about $670, in order to decrypt the files. The ransom doubles if it’s not paid within seven days.

One thing that makes Cerber stand out is that in addition to creating .txt and .html versions of the ransom note, it also creates a .vbs file that reads the ransom note aloud, adding insult to injury for ransomware victims.
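An added example (not from the original article) that turns the indicators described above into a triage check: it walks a directory tree and flags folders containing files with the .CERBER extension or a same-named .txt/.html/.vbs trio. The trio heuristic, the function names, and the sample file names are assumptions made for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".cerber"                 # extension named in the article
NOTE_EXTS = {".txt", ".html", ".vbs"}     # ransom-note formats named in the article


def scan_tree(root):
    """Return {directory: {"encrypted": [...], "note_sets": [...]}} for root.

    Heuristic (assumed here): one base name present as .txt, .html and .vbs
    in the same directory counts as a ransom-note set."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        encrypted = []
        exts_by_stem = defaultdict(set)
        for name in filenames:
            stem, ext = os.path.splitext(name.lower())  # case-insensitive match
            if ext == ENCRYPTED_EXT:
                encrypted.append(name)
            elif ext in NOTE_EXTS:
                exts_by_stem[stem].add(ext)
        note_sets = sorted(s for s, e in exts_by_stem.items() if e == NOTE_EXTS)
        if encrypted or note_sets:
            findings[dirpath] = {"encrypted": sorted(encrypted), "note_sets": note_sets}
    return findings


def build_sample_tree(root):
    """Create a constructed sample tree: one affected folder, one clean folder."""
    hit = os.path.join(root, "shared", "finance")
    clean = os.path.join(root, "shared", "docs")
    os.makedirs(hit)
    os.makedirs(clean)
    # File names below are made up for the demonstration.
    for name in ("a1b2c3.cerber", "d4e5f6.CERBER",
                 "README_NOTE.txt", "README_NOTE.html", "README_NOTE.vbs"):
        open(os.path.join(hit, name), "w").close()
    for name in ("readme.txt", "index.html", "budget.xlsx"):
        open(os.path.join(clean, name), "w").close()
    return hit, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, info in scan_tree(tmp).items():
            print(folder, len(info["encrypted"]), "encrypted;", "notes:", info["note_sets"])
```

Pointed at a file share or a mounted backup, the resulting folder list helps scope which directories need to be restored.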

How to protect customers from Cerber ransomware

Backup, user education, and strong email security are the primary ways you can protect your SMB customers from Cerber. Currently, restoring to a recent backup is the only way to help victims get their files back without paying the ransom. So it’s important to make sure all of your customers are running regular backups and that those backups are working properly.

You also need to teach customers and their employees how to help protect themselves. This includes:

  • Knowing how to spot a phishing email or other malicious content
  • Disabling macros in Microsoft Office programs
  • Keeping antivirus and security programs up-to-date

It’s critical to help your SMB customers understand that moving to cloud applications, such as Office 365, doesn’t automatically eliminate IT security threats. They can’t sit back and assume all the necessary security is taken care of because they’ve moved to the cloud. The threat landscape is constantly evolving, so a multi-layered defense combining built-in security with additional business-grade email security and advanced threat detection is key to keeping their data truly protected.

Photo Credit: Zach Copley via Flickr.com. Used under CC 2.0 License



Posted by Anne Campbell

Anne Campbell is the public relations manager for Barracuda. She's been with the organization since 2014, working on content and public relations for Barracuda MSP, the MSP-dedicated business unit of Barracuda. She started her career in newspaper and magazine journalism, and she brings that editorial point of view to the work she does, using it to help craft compelling stories.
