Ransomware miscreants have developed a strain of malware that lets victims known that their computer has been encrypted verbally.
The Cerber ransomware encrypts users' files using AES encryption before demanding an extortionate payment of 1.24 Bitcoins ($500) in order to supply a private key needed to decrypt files.
The Windows-based malware first generates a series of fake system alerts in an attempt to persuade a victim into accepting a system shutdown. Once a machine reboots the malware begins encrypting documents' filename and adding a .CERBER extension to them.
Currently, dormant features in the code allow the malware to map and encrypt files on network drives linked to a compromised machines.
Once the file encryption process is finished, the malware generates three ransom notes. One of theses message services, through a VBScript, allows the computer to verbally read out the blackmail message to victims. Twelve different languages are supported by the polyglot menace, which was first detected by two independent malware analysts nicknamed BiebsMalwareGuy and MeegulWorth.
But the ransomware is deliberately programmed not to infect computers in eastern Europe.
“The fact that Cerber has the ability to target network shares, not to mention its decryptor's compatibility with 12 difference languages, attests to the increasing sophistication of today's ransomware campaigns,” commented security expert David Bisson in a blog post. “It is therefore recommended that users maintain regular backups of their data, that they avoid clicking on suspicious link, and that they maintain an updated anti-virus solution on their machines.”
Web security forum BleepingComputer has a fuller write-up of the threat here.
A video of the ransomware in action has been uploaded to YouTube here.
The appearance of Cerber comes shortly after the arrival of the first example of Mac OS X ransomware. The Mac nasty came bundled into downloads of the popular Transmission BitTorrent client, as previously reported. ®