It’s Christmas time again. And cybercriminals don’t waste their time – they make sure to continue spreading various types of ransomware, trying to earn more money for the New Year. Why not? Criminals are people too. And there’s one particular group that’s making waves at the moment – the one that’s responsible for the Cerber ransomware. They have started a spam campaign designed to make you think that you have received a credit card report in your email. It’s supposedly about a payment that’s about to be made with MasterCard. But if you open the attached Word file, that’s it – Cerber is installed on the computer and your data gets encrypted. This campaign was discovered by the Microsoft Malware Protection Center.
And it’s understandable if you fall for it. You’re told that money is going to be withdrawn from your account if you don’t act immediately and open the attachment. You’re also provided with a password for it, which makes the message seem believable – banks almost always send files that are protected. Those emails can also be sent from Outlook.com – an address that’s not often used by con artists. So, as you can see, nothing about the message looks like it could cause you any trouble.
If you open the Word file, you’re asked to enable editing. After you do that, a PowerShell script runs and puts Cerber on the computer. The ransomware gets to work as soon as it is installed and there’s nothing you can do to stop the process. What’s worse, the files can’t be decrypted without the key – you’re sent the latest version of Cerber and there’s currently no way to bypass it for free. So you either have to pay or restore your files from backup – there’s no other alternative. And paying is not advised, not only because you may get deceived but also because it encourages the teams behind the ransomware to create more of it and continue distributing it.
And they don’t just spread their creations the same way all the time – they adapt and design various campaigns to ensure that you make the one click that changes everything. The people behind Cerber previously used malvertising and also disguised the files as invoices. Now they have decided to up their game and disguise their messages as something that creates a sense of urgency. No one wants to lose their money, so the desire to protect it is understandable.
We should also point out that Christmas is not the only holiday season that sees a spike in activity from cybercriminals. Research from Proofpoint showed that the NewPOSthings and ZeusPOS malware families quadrupled their attacks on point-of-sale terminals during Thanksgiving and Black Friday. This kind of thing is pretty easily explained – holidays create a certain sense of euphoria, so people are more easily tricked by various kinds of scams. Con artists just recently tried to use Amazon to steal customers’ personal information – they sent out emails which were disguised as messages from the online store. So don’t let your holidays be ruined – be on the lookout for deceptive tactics and don’t take everything at face value. If you have any doubts about your financial account, visit the bank and clarify the situation. But never, under any circumstances, open files which were sent to you from unknown addresses. The consequences are probably going to be far worse than you could imagine.
So just delete those kinds of emails at first sight and don’t think for a second that you’re doing something wrong. It’s quite the contrary and you won’t regret your decision.