Skip to main content
16 entries found.
Updated on Jan 17, 2018

Windows Defender detects and removes this threat.

This ransomware can stop you from using your PC or accessing your data.

It is a member of the ransomware-as-a-service category of ransomware, and spreads through email, exploit-kits, and other drive-by downloads. As of September, 2016, we have seen this threat use Exploit:HTML/Pangimop (Magnitude) and Exploit:HTML/Meadgive (Rig) exploit kits in its campaign in the Asian region (Taiwan and South Korea). We have also seen it distributed in email attachments that contain script-based downloaders, such as those written in javascript (.js), Office VBA (Word documents such as .doc and .rtf), and Windows Scripting File (.wsf). As of October 2016, we have seen Cerber delivered through password-protected email attachments, along with other threats.

It might ask you to pay money (in the form of bitcoins) to a malicious hacker. It can play a text-to-speech or synthesized recording, show a web page, or a plain text document. 

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

 

 

Alert level: severe
Updated on Jan 10, 2018

Windows Defender Antivirus detects and removes this threat.

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe
Updated on Jan 10, 2018

Windows Defender Antivirus detects and removes this threat.

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe
Updated on Jan 10, 2018

Windows Defender detects and removes this threat.

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker. See our family description Win32/Cerber.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe
Updated on Jan 10, 2018

Windows Defender Antivirus detects and removes this threat

This ransomware can stop you from using your PC or accessing your data.

It is a member of the ransomware-as-a-service category of ransomware, and spreads through email, exploit-kits, and other drive-by downloads. As of September, 2016, we have seen this threat use Exploit:HTML/Pangimop (Magnitude) and Rig exploit kits in its campaign in the Asian region (Taiwan and South Korea). We have also seen it distributed in email attachments that contain script-based downloaders, such as those written in javascript (.js), Office VBA (Word documents such as .doc and .rtf), and Windows Scripting File (.wsf). As of October 2016, we have seen Cerber delivered through password-protected email attachments, along with other threats.

Cerber encrypts files using both the RSA and RC4 algorithms, and uses the following encrypted file extensions:

  • .cerber
  • .cerber2
  • .cerber3

It might ask you to pay money (in the form of bitcoins) to a malicious hacker. It can play a text-to-speech or synthesized recording, show a web page, or a plain text document.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe
Updated on Jan 10, 2018

Windows Defender Antivirus detects and removes this threat.

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe
Updated on Jul 25, 2017

Windows Defender Antivirus detects and removes this threat.

This threat is a malicious JavaScript that downloads and executes malware, including Ransom:Win32/Betisrypt and Ransom:Win32/Cerber.

Find out ways that malware can get on your PC.  

Alert level: severe
Updated on Jul 20, 2017

Windows Defender Antivirus detects and removes this threat.

This threat is a malicious JavaScript that downloads and executes malware, including Ransom:Win32/Betisrypt and Ransom:Win32/Cerber.

Find out ways that malware can get on your PC.  

Alert level: severe
Updated on Jan 10, 2018

Windows Defender Antivirus detects and removes this threat.

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.

It is a scriptable installer engine used to deliver malicious payloads, mostly ransomware, such as Ransom:Win32/Enestedel.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

 

Alert level: severe
Updated on Mar 22, 2017

Windows Defender detects and removes this threat.

This threat loads a malicious Adobe Flash object in your browser in order to download malware, including ransomware such as Ransom:Win32/Cerber.

You might be redirected to the web page that loads the object without your consent.

The malicious Adobe Flash object exploits the vulnerability described in CVE-2015-8651 and Adobe Security Bulletin APSB16-01.

Note that you might get an alert about this threat even if you're not using a vulnerable version of the application. This is because we detect when a website or file tries to use the vulnerability, even if it isn't successful.

Read more about how this threat is being used by cybercriminals in this blog post:

 

Alert level: severe
Updated on Mar 22, 2017

Windows Defender Antivirus detects and removes this threat.

This threat is a .pdf file with a malformed hyperlink to phishing websites or other malicious sites. It usually arrives as attachment to spammed email messages.

To know more about how cybercriminals are using this threat in attacks, read the following blog:

Find out ways that malware can get on your PC.

Alert level: severe
Updated on Jan 10, 2018

Windows Defender Antivirus detects and removes this threat.

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.

It is a scriptable installer engine used to deliver malicious payloads, mostly ransomware, such as Ransom:Win32/Enestedel.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe
Updated on Jun 14, 2016

Windows Defender Antivirus detects and removes this threat.

This threat downloads and installs other programs, including other malware, onto your PC without your consent.

Find out ways that malware can get on your PC.

Alert level: severe
Updated on Jun 23, 2016

Windows Defender detects and removes this threat.

This threat family uses vulnerabilities in recent versions of Internet ExplorerMicrosoft Silverlight, Adobe Flash Player, and Java to install malware on your PC. We have seen it try to install Ransom:Win32/ExxrouteRansom:Win32/Cerber,  and drop variants of Win32/Gamarue.

You might get this threat if you visit a malicious or hacked website, or click a malicious link in an email.

Alert level: severe
Updated on Jan 10, 2018

Windows Defender Antivirus detects and removes this threat. 

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money (in the form of Bitcoins) to a malicious hacker.

This ransomware is installed by the Magnitude exploit kit, which used to deliver another prominent ransomware family, Cerber.

When run, this threat checks the machine's default system language. If the system language is Korean, it launches its malicious routines. Otherwise, self-deletes after three seconds.

It encrypts files using AES 128-bit and appends the file name extension .ihsdj to encrypted files.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe
Updated on Jan 10, 2018

Windows Defender Antivirus detects and removes this threat. 

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker to restore your files. 

It uses any of the following file name extensions for encrypted files:

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe