According to Sensecy, a cyber intelligence company, Cerber, a ransomware popular in the Eastern bloc of Europe, is offered as a service on Russian dark web forums.
According to Malwarebytes Labs’ analysis, Cerber is the first ransomware targeting Apple’s OS X. The virus also has customizable options: for example, it does not load if it detects that the user is located in certain blacklisted countries, or that the system contains specific languages, file names or directories.
Jerome Segura, a senior researcher at Malwarebytes Labs, stated that the blacklisted geographies, most of them located in Eastern Europe, provide “an indication of where the malware originated.” Segura added that Malwarebytes Labs has not seen an indication that the ransomware is connected to the infamous APT28 group, which is widely believed to be tied to the Russian government.
The recent ransomware attacks prove that hackers are making Western countries their primary targets. Last week, the Institute for Critical Infrastructure Technology (ICIT) released a study predicting that “previously exploited vulnerabilities will soon be utilized to extract ransom”. In separate research, Dell noted that the number of unique malware attacks increased 73% from 2014 to 2015.
Segura noted that the typical ransom demanded is about 1 Bitcoin (worth $414 as of Monday). The Malwarebytes Labs senior analyst also noted that most attackers thoroughly research their victims to see if they can demand more money from them. Segura added:
“Ransomware will soon seek to identify the user, which can be done programmatically with code.”