August 7, 2017 By Larry Loeb 2 min read

Cerber ransomware has received a disturbing new variant that allows it to go after bitcoin. Security analysts from Trend Micro reported that the malware has historically been a rapidly mutating strain, having gone through six different versions since it has been on the radar.

According to a recent Malwarebytes report, “Cybercrime Tactics and Techniques Q1 2017,” Cerber ransomware already accounts for nearly 90 percent of the Windows sector. The latest variant adds a different type of attack to the standard ransomware functions it contains, for which there is no decryptor available. It now attempts to steal information about cryptocurrency wallets that may be present on the target machines.

Cerber Ransomware Steals Wallet Files

Cerber attempts to grab three different kinds of files: wallet.dat, which is used for bitcoin; *.wallet, used for Multibit; and electrum.dat, an obsolete wallet used by Electrum. However, the threat actor will not be able to breach the wallets by snaffling the files alone — he or she must also obtain the passwords that protect them. Since Cerber is not able to obtain such passwords, the actor must gain access through other forms of attack.

Bleeping Computer noted that because of this password limitation, the Cerber crew might have just copy/pasted the wallet-stealing code from another project without actually knowing how well it works in practice.

This Cerber variant will, however, delete the wallet information once it has been exfiltrated to the ransomware’s command-and-control (C&C) server. Trend Micro researchers believed that this new attempt is simple at its core, saying that the “attackers are trying out new ways to monetize ransomware.”

Password Theft

The new Cerber variant doesn’t stop there in its malicious activities. It also tries to steal users’ saved passwords from Internet Explorer, Google Chrome and Mozilla Firefox. Such information could be useful in hijacking online user accounts. The researchers noted that this theft will take place before any encryption is carried out by the ransomware.

Mitigation against this data breach remains the same as for other ransomware variants. Since it spreads through attachments to emails, opening unknown attachments should be heavily discouraged. Trend Micro also suggested that system administrators consider proactive email policies that will strip out such attachments from incoming emails.

More from

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

DOD establishes Office of the Assistant Secretary of Defense for Cyber Policy

2 min read - The federal government recently took a new step toward prioritizing cybersecurity and demonstrating its commitment to reducing risk. On March 20, 2024, the Pentagon formally established the new Office of the Assistant Secretary of Defense for Cyber Policy to supervise cyber policy for the Department of Defense. The next day, President Joe Biden announced Michael Sulmeyer as his nominee for the role.“In standing up this office, the Department is giving cyber the focus and attention that Congress intended,” said Acting…

Unpacking the NIST cybersecurity framework 2.0

4 min read - The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity.NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today