Cyber criminals are at it again, and their latest favorite malware strain is called Cerber. Just like its Greek mythology namesake, Cerberus (Hound of Hades), it packs a punch and keeps your head spinning.
Last week, four of our customers were held ransom by Cerber. We immediately started double-checking and shutting down any remaining RDP (Remote Desktop Protocol) ports that were still open, and we are working diligently to beef up security measures to protect against this strain of ransomware.
You might wonder why the sudden outbreak in our little neck of the woods. The truth of the matter is that hackers don’t care about location. They run a random search for open RDP ports (or whatever method they choose to infiltrate your network) and get a block of IP addresses. Once they have those IP addresses, they just start the attacks. Blocks of IP addresses are usually targeted to a region/area, thus making Grand Junction, Colorado this hacker’s new target location, even if they don’t know where it is on a map.
With the way this ransomware runs, unless you want to pay a fortune, the only option is to restore your backup files. Unfortunately, this can be a slow process depending on Internet speed, server speed, and the quantity of data to be restored. The much faster, locally stored Shadow Copy does not work in this instance, as Cerber locates the shadow copies and destroys them immediately.
Even though this particular hacker uses open ports in the firewall to enter a network, that doesn’t mean tactics can’t switch back to the tried-and-true clickbait scheme. Make sure you inform your employees to be careful when opening any unknown emails, attachments, or website links. It is the MOST COMMON method by which ransomware and other viruses gain entry to your network.
If you are unsure about something, send it over to our Help Desk at helpdesk@networksunlimited.com so they can review it, or give us a call and ask before you open anything.