CoreTech Blog

CoreTech has been serving the Bowling Green area since 2006, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

When DDoS Attacks and Ransomware Combine, the Results are Ugly

Ransomware, the malware variant that has appeared more and more frequently, has struck again, this time targeting users of Microsoft Outlook in a zero-day attack. A variant of Cerber (a ransomware) was recently utilized in a large-scale attack on users of the messaging program, sent via phishing emails to corporate users.

What’s worse, this variant of Cerber is more than just your typical ransomware, as it also possesses DDoS capabilities.

DDoS, or Distributed Denial of Service, programs utilize the previously infected systems in their attacks on new victims as part of a botnet, causing the target system to cave under a deluge of useless traffic. Therefore, as an unfortunate recipient of this malware tries to resolve the problem, their system has already been assimilated into a cyber horde that’s attacking other systems.

Cerber demands a ransom of 1.24 Bitcoins, which converts (as of this writing) to approximately $718 US, to unlock the currently uncrackable ransomware.

The attack typically goes down as such: An intended victim receives an email with the ransomware. If activated, Cerber adds three files onto the desktop of the victim’s computer, each containing the same message. One is in TXT format, one is HTML, and one is a Visual Basic Script that converts into an audio message. Their message reads: “Attention! Attention! Attention! Your documents, photos, databases and other important files have been encrypted!” The most annoying part is that every startup will trigger this message.

The other two files also contain instructions to navigate to the Tor payment site in order to pay the ransom, with the phrase “What doesn’t kill me makes me stronger,” transcribed in Latin at the bottom. As a brief reminder, we never recommend paying a malware ransom, as there is no guarantee that they will comply and release your files, and your funding will only contribute to further attacks.
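The three-file pattern described above is something a defender can check for. As an added example (not from the original post or from CoreTech), this Python script looks in a desktop folder for one base name that exists as TXT, HTML and VBS files whose readable copies contain the quoted message; the file name `READ_ME_SAMPLE` and all sample contents are constructed for the demo.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Phrase taken from the ransom message quoted in the article.
NOTE_PHRASE = "important files have been encrypted"
NOTE_EXTS = {".txt", ".html", ".vbs"}   # the three formats the article lists


def _mentions_note(path: Path) -> bool:
    """True if the file's text, ignoring markup, case and spacing, has the phrase."""
    text = path.read_text(errors="ignore")
    text = re.sub(r"<[^>]+>", " ", text)             # drop HTML tags
    return NOTE_PHRASE in " ".join(text.lower().split())


def find_note_sets(desktop: Path) -> list[str]:
    """Return base names present as .txt, .html and .vbs that carry the message."""
    by_stem = defaultdict(dict)
    for p in desktop.iterdir():
        if p.is_file() and p.suffix.lower() in NOTE_EXTS:
            by_stem[p.stem.lower()][p.suffix.lower()] = p
    hits = []
    for stem, files in by_stem.items():
        if set(files) != NOTE_EXTS:
            continue                                  # not the full trio
        # The script produces the audio version, so only the readable pair is checked.
        if _mentions_note(files[".txt"]) and _mentions_note(files[".html"]):
            hits.append(stem)
    return sorted(hits)


def run_constructed_demo() -> list[str]:
    """Scan a temp folder of constructed sample files (not real artefacts)."""
    msg = ("Attention! Your documents, photos, databases and other "
           "important files have been encrypted!")
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        for ext in (".txt", ".vbs"):
            (d / f"READ_ME_SAMPLE{ext}").write_text(msg)
        (d / "READ_ME_SAMPLE.html").write_text("<p>" + msg.replace("important", "<b>important</b>") + "</p>")
        (d / "meeting_notes.txt").write_text("Budget review moved to Friday.")  # benign
        (d / "report.html").write_text("<h1>Quarterly report</h1>")            # benign
        return find_note_sets(d)


if __name__ == "__main__":
    print(run_constructed_demo())
```

A hit means the machine should be isolated from the network and from backups before anything else is done with it.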

As there is currently no known fix for Cerber, it is critical that businesses (the clear target of the ransomware) avoid falling victim to it, or any phishing-based attack for that matter. To do so, decision makers in companies should implement and enforce the following policies in their day-to-day practices.

  1. Users should be informed of email security best practices, including not running or opening attachments from unknown sources or suspect emails in general.
  2. In case of possible infection, all files should be kept on an isolated backup to prevent data loss. An infected backup is no good, and so it should remain separate from the network to avoid such a circumstance.
  3. Be sure to keep all systems thoroughly updated with the latest versions of all your protections, as malware designers are in a constant race with their programs to outpace those who design protective programs.

To find out more about threats like this affecting your business, subscribe to CoreTech’s blog.
