First identified back in March, Cerber ransomware made headlines again recently after reportedly targeting Microsoft Office 365 users through a large-scale zero-day attack.
Outside estimates say the email was sent to millions of Office 365 users and that it took Microsoft more than 24 hours to block. Microsoft responded through a spokesperson, telling SC Magazine that Office 365 malware protection identified the threat and was updated within hours, and that only a small number of users were targeted.
Cerber is still a serious threat, though, and MSPs need to know how to protect their SMB customers from this ransomware strain that appears to be on the rise.
How Cerber ransomware works
According to The Hacker News, the ransomware is spread by phishing emails with malicious files attached, and it is activated when the recipient enables macros. Once Cerber infects a system, it encrypts files with certain extensions using AES-256 encryption, encrypts each file name, and adds the .CERBER extension to it. It then asks users to pay a ransom of 1.24 bitcoins, which is currently about $670, in order to decrypt the files. The ransom doubles if it’s not paid within seven days.
One thing that makes Cerber stand out is that in addition to creating .txt and .html versions of the ransom note, it also creates a .vbs file that reads the ransom note aloud, adding insult to injury for ransomware victims.
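As an added example (not from the original article or from any vendor tool), the on-disk pattern described above can be turned into a quick triage scan of a customer file share. It assumes the .txt, .html and .vbs ransom notes share one base name, which the article does not state; scan_tree and summarize are names chosen here.

```python
import os
from collections import defaultdict

ENCRYPTED_EXT = ".cerber"               # extension named in the article
NOTE_EXTS = {".txt", ".html", ".vbs"}   # ransom-note formats named in the article


def scan_tree(root):
    """Walk root and return {directory: findings} for directories that show
    the on-disk pattern the article describes."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        encrypted = []
        stems = defaultdict(set)
        for name in filenames:
            stem, ext = os.path.splitext(name)
            ext = ext.lower()
            if ext == ENCRYPTED_EXT:
                encrypted.append(name)
            elif ext in NOTE_EXTS:
                stems[stem.lower()].add(ext)
        # Assumption: the three note files share one base name.
        note_sets = sorted(s for s, exts in stems.items() if exts == NOTE_EXTS)
        if encrypted or note_sets:
            findings[dirpath] = {
                "encrypted_files": sorted(encrypted),
                "note_sets": note_sets,
                # Both signals together are far stronger than either alone.
                "confidence": "high" if encrypted and note_sets else "low",
            }
    return findings


def summarize(findings):
    """Return (directories_hit, total_encrypted_files) for a triage report."""
    total = sum(len(f["encrypted_files"]) for f in findings.values())
    return len(findings), total


if __name__ == "__main__":
    import sys
    results = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, info in sorted(results.items()):
        print(f"[{info['confidence']}] {path}: "
              f"{len(info['encrypted_files'])} encrypted, "
              f"note sets: {info['note_sets'] or 'none'}")
    print("directories affected: %d, encrypted files: %d" % summarize(results))
```

The per-directory counts show how far encryption spread, which helps decide which backup set to restore from.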
How to protect customers from Cerber ransomware
Backup, user education, and strong email security are the primary ways you can protect your SMB customers from Cerber. Currently, restoring to a recent backup is the only way to help victims get their files back without paying the ransom. So it’s important to make sure all of your customers are running regular backups and that those backups are working properly.
You also need to teach customers and their employees how to help protect themselves. This includes:
- Knowing how to spot a phishing email or other malicious content
- Disabling macros in Microsoft Office programs
- Keeping antivirus and security programs up-to-date
It’s critical to help your SMB customers understand that moving to cloud applications, such as Office 365, doesn’t automatically eliminate IT security threats. They can’t just sit back and assume all the necessary security is just taken care of because they’ve moved to the cloud. The threat landscape is constantly evolving, so a multi-layered defense combining built-in security with additional business-grade email security and advanced threat detection is key to keeping their data truly protected.
Photo Credit: Zach Copley via Flickr.com. Used under CC 2.0 License.