Varonis debuts trailblazing features for securing Salesforce. Learn More

Varonis announces strategic partnership with Microsoft to acclerate the secure adoption of Copilot.

Learn more

Cerber Ransomware: What You Need to Know

2 min read
Last updated April 4, 2022

What is Cerber?

Cerber ransomware is ransomware-as-a-service (RaaS), which means that the attacker licenses Cerber ransomware over the internet and splits the ransom with the developer. For a 40% cut of the ransom, you can sign-up as a Cerber affiliate and deliver all the Cerber ransomware you want. Most ransomware doesn’t use this service paradigm. Typically, an attacker would adapt and deliver the ransomware and keep all of the money. By setting up Cerber as RaaS the developer and partner are able to send more attacks with less work.

Cerber is an example of evolved ransomware technology. The author of the ransomware offloads the work of finding targets and infecting systems to a partner in exchange for a cut of the profit. The partner gets a highly functional piece of software they are free to distribute, and bitcoin keeps the exchanges all anonymous and difficult to track.

Get the Free Pen Testing Active Directory Environments EBook

“This really opened my eyes to AD security in a way defensive work never did.”

How Do You Recognize Cerber Ransomware?

If the screenshot looks like your desktop wallpaper, you’ve been infected with the Cerber ransomware.

How Do You Recognize Cerber Ransomware?

Of course, if you do see that screen, it might be too late to save your files. You can try to pay the ransom and hope they send you the decryption key, but many people don’t. Cerber and ransomware are things that fall under the “ounce of protection equals a pound of cure” paradigm. Your best bet is to avoid infection in the first place.

How Do You Remove Cerber Ransomware?

The best and most complete option to remove Cerber ransomware is to rebuild your operating system from a backup. If you have a recent backup, you’ll also be able to recover your encrypted files. As Ripley said, “Nuke it from orbit, it’s the only way to be sure.”

Current Anti-Virus programs can detect most ransomware including Cerber, and prevent it from running. Once Ransomware has started to encrypt your files, take the affected computer offline to prevent it from spreading to other computers or network drives.

One of Cerber’s particulalry nasty tricks is that it’s easy to wrap inside other delivery mechanisms. For example, you could download a rootkit that can disable your Anti-Virus before it downloads and activates Cerber. After an infection, you can remove the Cerber ransomware, but that doesn’t necessarily mean you removed the malware that delivered the ransomware to your computer.

No matter what you do with the ransomware itself, you aren’t going to be able to get the files decrypted. Cerber uses RSA encryption, and it’s not feasible to crack that encryption in a timely manner – even for the most sophisticated computer. Hopefully, you have a good recent backup of your important documents.

How Do You Prevent Cerber Ransomware?

Cyberthieves distribute ransomware by phishing email or infected websites. The best way to prevent Cerber (or any ransomware) attacks is by practicing good cybersecurity. Here are a few tips:

  • Don’t get phished.
  • Keep your Anti-Virus software updated.
  • Backup your documents regularly.

Varonis DatAlert provides immediate response to limit ransomware attacks in progress that threaten your most important data.

Six Cerber Ransomware Statistics

cerber ransomware statistics

  • At its peak in early 2017, Cerber accounted for 26% of all ransomware infections.
  • In July 2016, about 150,000 windows users were infected by Cerber through 161 identified campaigns.
  • Cerber generated $2.3 million (estimated for attackers in 2016).
  • Cerber developers released updates almost weekly, which kept the ransomware out in the world for longer than usual.
  • In the first half of 2018, ransomware infections have dropped by 42% and 50% for businesses and consumers, respectively.
  • There have been 0 reported Cerber ransomware attacks in 2018 as attackers move to newer ransomware like GandCrab, SamSam, and Spartacus.

Get a 1:1 demo to learn how to set up alerts to trigger on known ransomware variants like Cerber, recognize ransomware activity, and stop cyberattacks before it’s too late.

What you should do now

Below are three ways we can help you begin your journey to reducing data risk at your company:

  1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
  2. Download our free report and learn the risks associated with SaaS data exposure.
  3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.
Try Varonis free.
Get a detailed data risk report based on your company’s data.
Deploys in minutes.
Keep reading
Varonis joins Marsh McLennan Agency’s Cyber Resiliency Network
Varonis is teaming up with Marsh McLennan Agency. Together, we'll help organizations improve their cyber resilience with industry-leading DSPM solutions.
DSPM Report Highlights Risks That Lead to Significant Data Breaches  
Varonis' new DSPM report reveals that typical companies are widening their blast radius by oversharing permissions, excess ghost users, lack of MFA, and more.
Speed Data: Thinking From a Cyberattacker's Perspective With Dalal Alharthi
Dr. Dalal Alharthi talks about the importance of organizations anticipating a breach and seeing the world through the eyes of an attacker.
Behind the Varonis Rebrand
Discover the strategy behind Varonis' rebrand that involved a full transition to a hero archetype and the introduction of Protector 22814.