First identified back in March, Cerber ransomware made headlines again recently after reportedly targeting Microsoft Office 365 users through a large-scale zero-day attack.

Outside estimates say the email was sent to millions of Office 365 users and that it took Microsoft more than 24 hours to block. Microsoft responded through a spokesperson, telling SC Magazine that Office 365 malware protection identified the threat and was updated within hours, and that only a small number of users were targeted.

Cerber is still a serious threat, though, and MSPs need to know how to protect their SMB customers from this ransomware strain that appears to be on the rise.

How Cerber ransomware works

According to The Hacker News, the ransomware is spread by phishing emails with malicious files attached, and it is activated when macros are enabled. Once Cerber infects a system, it encrypts files with certain extensions using AES-256 encryption, encrypts the file name, and adds the .CERBER extension to it. It then asks users to pay a ransom of 1.24 bitcoins, which is currently about $670, in order to decrypt the files. The ransom doubles if it’s not paid within seven days.

One thing that makes Cerber stand out is that in addition to creating .txt and .html versions of the ransom note, it also creates a .vbs file that reads the ransom note aloud, adding insult to injury for ransomware victims.
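The two file-system traces described above (the .CERBER extension and a ransom note dropped as .txt, .html and .vbs) can be checked against a file listing exported from a customer machine or share. The following is an added example, not code from the article or from any vendor; it assumes the three copies of the note share one base name, and the sample paths and the name README_NOTE are constructed placeholders.

```python
from collections import defaultdict
from pathlib import PurePosixPath

ENCRYPTED_EXT = ".cerber"                          # extension named in the article
NOTE_EXTS = frozenset({".txt", ".html", ".vbs"})   # note formats named in the article


def triage(paths):
    """Return {directory: finding} for directories showing either indicator.

    finding["encrypted"]  : files carrying the .cerber extension
    finding["note_stems"] : base names present as .txt, .html AND .vbs
    Assumption: the three copies of the ransom note share one base name.
    """
    encrypted = defaultdict(list)
    stems = defaultdict(lambda: defaultdict(set))
    for raw in paths:
        p = PurePosixPath(raw.replace("\\", "/"))  # accept Windows or POSIX listings
        ext, folder = p.suffix.lower(), str(p.parent)
        if ext == ENCRYPTED_EXT:
            encrypted[folder].append(p.name)
        elif ext in NOTE_EXTS:
            stems[folder][p.stem.lower()].add(ext)
    findings = {}
    for folder in set(encrypted) | set(stems):
        triples = sorted(s for s, exts in stems[folder].items() if exts == NOTE_EXTS)
        if encrypted[folder] or triples:
            findings[folder] = {"encrypted": sorted(encrypted[folder]), "note_stems": triples}
    return findings


def severity(finding):
    """Both indicators in one directory is a stronger signal than either alone."""
    if finding["encrypted"] and finding["note_stems"]:
        return "high"
    return "medium"


# Constructed sample listing (not from a real incident)
SAMPLE = [
    r"C:\Users\amy\Documents\k3Jx9QpL0a.cerber",
    r"C:\Users\amy\Documents\Zq81LmNo2b.CERBER",
    r"C:\Users\amy\Documents\README_NOTE.txt",
    r"C:\Users\amy\Documents\README_NOTE.html",
    r"C:\Users\amy\Documents\README_NOTE.vbs",
    r"C:\Users\amy\Scripts\login.vbs",
    r"C:\Users\amy\Scripts\notes.txt",
    r"C:\Users\amy\Desktop\budget.xlsx",
]
```

Calling triage(SAMPLE) flags only the Documents folder; the unrelated login.vbs and notes.txt in Scripts do not form a .txt/.html/.vbs triple and are ignored.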

How to protect customers from Cerber ransomware

Backup, user education, and strong email security are the primary ways you can protect your SMB customers from Cerber. Currently, restoring to a recent backup is the only way to help victims get their files back without paying the ransom. So it’s important to make sure all of your customers are running regular backups and that those backups are working properly.

You also need to teach customers and their employees how to help protect themselves. This includes:

  • Knowing how to spot a phishing email or other malicious content
  • Disabling macros in Microsoft Office programs
  • Keeping antivirus and security programs up-to-date

It’s critical to help your SMB customers understand that moving to cloud applications, such as Office 365, doesn’t automatically eliminate IT security threats. They can’t just sit back and assume all the necessary security is just taken care of because they’ve moved to the cloud. The threat landscape is constantly evolving, so a multi-layered defense combining built-in security with additional business-grade email security and advanced threat detection is key to keeping their data truly protected.

Photo Credit: Zach Copley via Flickr.com. Used under CC 2.0 License

Posted by Anne Campbell

As senior content strategist at Barracuda MSP, Anne Campbell finds new ways to use content to help managed service providers make their businesses more successful. She grew Intronis’ blog subscribers 532 percent in less than 18 months, winning the 2016 Content Marketing Award for Highest Subscriber Growth. Anne spent the first half of her career as a magazine and newspaper journalist, and she brings that editorial point of view to her work in content marketing.
