Cerber ransomware menace now targeting databases

Criminals behind the massive Cerber ransomware enterprise are now targeting businesses as well as individuals with a module that kills and encrypts databases, warns Intel's former security arm McAfee. Cerber had conducted more than 160 campaigns when examined in July targeting 150,0000 users and raking in a cracking US$195,000 …

  1. Version 1.0

    Most of these arrive via the Inbox

    These attempts continue to flood the mail server - we have to be lucky all the time, they only have to be lucky once. I now have a list of "banned attachments" a yard long. If the authorities put the same effort into tracing and finding these criminals that they have put into inspecting presidential candidates' email use then we'd all be a lot safer.

    1. Steven Roper

      Re: Most of these arrive via the Inbox

      Tracing and finding them is only part of the equation. The rest of it is coming up with a suitably deterrent punishment. Like publicly skinning them alive one square centimetre at a time over the course of a week or two.

      1. Adam 1

        Re: Most of these arrive via the Inbox

        > coming up with a suitably deterrent punishment. Like publicly skinning them alive one square centimetre at a time over the course of a week or two.

        Now now. I'm not a fan of Hillary or Trump either but I think I have to draw the line at a day or two.

        1. Steve Kerr

          Re: Most of these arrive via the Inbox

          How about being forced to listen to 24x7 Clinton and Trump campaign speeches alternating on a loop?

          I would say about a week, but I would think those scum would sink into insanity after about 6 hours when their brains start dribbling out their ears.

          1. Anonymous Coward

            Re: Most of these arrive via the Inbox

            Seems to me the solution is not giving blanket write access to the plebes in your office.

            You could send fake phishing emails to all employees at random intervals, and anyone dumb enough to execute the attachment gets locked out of everything important.

  2. Palpy

    Virtualize our OS, Captain!

    Quickly, before the attackers encrypt the dilithium crystals!

    Since "most of these arrive via the inbox", it might seem logical that an office system would run a virtual OS specifically for email and sending / receiving attachments. It could be a cookie-cutter installation with access only to its own filesystem. If compromised, it could simply be blown away and replaced with a new one from template. An attacker could not -- without hacking the hypervisor as well as the OS -- get to system files, let alone the rest of the network.

    Yes, it's still possible to hack through the hypervisor etc. But security is never about absolutes. It's always about raising the difficulty high enough to make hackers look elsewhere. Make the hackers' dev work too hard, too much effort for the probable return on investment.

    And yes again, it would make office tasks quite a bit more complicated. Files would have to be shuffled through safe-zones and mandatory malware detection.

    Is the extra trouble worth not having your company's highly lucrative stock-trading database encrypted?

    1. Thecowking

      Re: Virtualize our OS, Captain!

      That's basically what Bromium do.

      It's a clever thing with micro-VMs that are destroyed at the end of a session.

      1. Palpy

        Re: Virtualize our OS, Captain! With Bromium!

        Interesting, thanks for the heads-up.

        Most of the material on the Bromium website is heavy on advertising claims and low on tech specs. But from what I can gather, it sounds like they're offering application-specific "micro-VMs", which is certainly one approach. Browser-in-the-Box, of course, uses something like that. When on Ubuntu, I use Firejail -- another methodology, but with similar aims.

        Certainly a step up from straight Windows, and a running battle to blacklist malicious attachments based on extension or heuristics.

  3. JenCarole

    Bromium in the house!

    I can take the marketing bullet for the content on the website, but don't let that frustrate you.

    Probably the coolest thing we have is the Ransomware video on our YouTube channel that shows how we contain the malware and if you are so inclined - let it run with no threat to the network. We are an enterprise security platform but our customers have launched more than one billion micro-VMs and no one has reported a breach. That's all over the world with defense-grade protection. It's worth kicking our tires and checking out what we do. Our customers report with Bromium, they relax because their end users are no longer their constant headache and they gain intelligence that helps them prove value to their execs.

    I love that you guys already knew about us! And if you have technical questions - hit up @simoncrosby - one of our founders - on Twitter. He's an unabashed expert who pulls no punches.
