Ransomware Cerber

The Cerber ransomware has re-emerged, this name was used years ago, but the group does not appear to be the same, which shows that the malware has been sold to a new group.

The new Cerber has one difference from its predecessor, the ability to attack both Windows and Linux operating systems. This capability expands the number of the group’s possible targets.

Not only does its attacks not restrict any specific country, like some ransomware that avoids former Soviet Union countries, the group’s main targets are the United States, Germany, and China.

The group aims to attack Atlassian Confluence and GitLab servers using remote code execution vulnerabilities. Through these vulnerabilities the malware is able to break into the victim’s system and encrypt files, adding the .locked extension to all encrypted files.

The amount of ransom demanded by the group ranges from $1,000 to $3,000, this amount can change according to the size of the victim and the amount of files encrypted.

The best way to protect against Cerber attacks is to keep the Atlassian Confluence and GitLab server systems always up to date, because when there is a known flaw in some programs the development company quickly releases an update to fix the flaw.

But if your servers have already been encrypted by Cerber, we at Digital Recovery can recover all files encrypted by ransomware without the need for a decryption key.