Among all ransomware, the Cerber infection rate is significantly higher and more profitable, and is currently running more than 160 active campaigns across the globe, with total annual projected revenue of approximately $2.3 million. These were the findings of a newly published report by cyber security firm Check Point Software.
In a 60-page report, Check Point’s Threat Intelligence and Research Team, along with research partner IntSights Cyber Intelligence, further reveal that each day eight new campaigns on average are launched; in July alone, the research revealed approximately 150,000 victims affected in 201 countries and territories.
In addition, Cerber affiliates have become successful money launderers, and use the Bitcoin currency to evade tracing, and creates a unique wallet to receive funds from each of its victims. Upon paying the ransom (usually one Bitcoin, which is currently worth $590), the victim receives the decryption key. The Bitcoin is transferred to the malware developer through a mixing service, which involves tens of thousands of Bitcoin wallets, making it almost impossible to track them individually. At the end of the process, the money reaches the developer, and the affiliates receive their percentage.
Cerber is opening the doors for more would-be hackers. Cerber enables non-technical individuals and groups to take part in the highly profitable business and run independent campaigns, using a set of assigned Command & Control (C&C) servers and a convenient control panel available in 12 different languages.
Since June 2016, Check Point and IntSight have been charting a comprehensive map of the complex system developed by Cerber, as well as its global distribution infrastructure. Researchers were able to regenerate actual victim wallets, allowing the team to monitor payments and transactions, and opening the door to track both the revenue gained by the malware and the money flow itself. Further, this information provided the blueprint for a decryption tool that could remedy infected systems without individuals or businesses bending to cyber-criminal ransom demands.
“This research provides a rare look at the nature and global targets of the growing ransomware-as-a-service industry,” said Maya Horowitz, Group Manager, Research & Development, Check Point. “Cyber-attacks are no longer the sole essence of nation-state actors and of those with the technical ability to author their own tools; nowadays, they are offered to anyone and can be operated fairly easily. As a result, this industry is growing extensively, and we should all take the proper precautions and deploy relevant protections.”