According to AVG researcher Jakub Kroustek, the Cerber 3 ransomware is already circulating in the wild and claiming victims. According to the findings, Cerber 3 is an advanced piece of malware that, unlike its predecessors, contains fixes that prevent malware researchers from decrypting the files.
Cerber 3 is being distributed through a Ransomware-as-a-Service scheme and is therefore expected to increase the number of infections across the globe. It also differs from its predecessors in how it is distributed: the malicious campaigns spreading Cerber 3 are different from those used for its other variants. According to a report by researchers at the Israel-based security firm Check Point, most Cerber 3 infections at present are in Asia, especially in China and South Korea.
Cerber 3 used the Magnitude exploit kit to detect vulnerabilities in the operating system, which paves the way for their successful exploitation. Once Cerber 3 infects a system, it demands a ransom of $175 in Bitcoin, double the amount demanded by previous variants. The ransom demand is presented on a Tor-based web page.
If your system is infected with Cerber 3, you should immediately disconnect it from the internet and copy your encrypted files to a safe and secure computer. From there you can manually remove Cerber 3 from the infected machine and then use data recovery tools to recover some of the data.
If you want to decrypt files encrypted by Cerber 3, you first need to know how Cerber 3 performs encryption. It starts by generating RSA 576-bit keys on the infected device. These keys are used to encode and decode files and are stored after successful encryption. The challenge lies with the decryption key, which is encrypted with the same cipher but at a stronger key length, RSA-2048. The decryption key is then sent to a remote server controlled by the criminals. The encryption algorithm used by Cerber 3 is RC4, an old cipher that leaked in 1994. The cipher's key length, on the other hand, can vary from 40 to 2048 bits. According to an advertisement published by Cerber 3, it uses a 128-bit key. The challenge is that a unique key is generated for each encrypted file. However, all of these keys are encrypted using the RSA-576 bit cipher, which is already well known. The challenge lies in the time that it will take to decrypt the files.
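The recovery path implied by this key hierarchy, as an added example that is not from the original article or from Cerber's code: a toy Python model in which the local RSA modulus has already been factored, so each per-file RC4 key can be unwrapped and the file decrypted. The primes, public exponent, unpadded RSA and sample data are assumptions made for illustration; the real file layout is not described on this page.

```python
# Added example: toy model of the key hierarchy described above.
# All values are constructed; this is not Cerber's real file format.

P = 2**89 - 1    # constructed stand-ins for the factors of the local RSA modulus
Q = 2**107 - 1   # (both are Mersenne primes); a real 576-bit modulus must be factored first
E = 65537        # assumed public exponent

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XOR; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def private_exponent(p: int, q: int, e: int = E) -> int:
    """Rebuild the private exponent d; this requires the factors of the modulus."""
    return pow(e, -1, (p - 1) * (q - 1))

def unwrap_file_key(wrapped: int, d: int, n: int, key_len: int = 16) -> bytes:
    """Textbook (unpadded) RSA unwrap of one 128-bit per-file key."""
    # A fixed output length preserves leading zero bytes of the key.
    return pow(wrapped, d, n).to_bytes(key_len, "big")

def recover_file(ciphertext: bytes, wrapped_key: int, p: int, q: int) -> bytes:
    """Unwrap the per-file key with the rebuilt private key, then RC4-decrypt."""
    d = private_exponent(p, q)
    return rc4(unwrap_file_key(wrapped_key, d, p * q), ciphertext)

def constructed_sample():
    """Build one (ciphertext, wrapped_key, plaintext) triple for the demo."""
    key = bytes.fromhex("00112233445566778899aabbccddeeff")
    plaintext = b"constructed sample document"
    wrapped = pow(int.from_bytes(key, "big"), E, P * Q)
    return rc4(key, plaintext), wrapped, plaintext

if __name__ == "__main__":
    ct, wrapped, expected = constructed_sample()
    print(recover_file(ct, wrapped, P, Q) == expected)
```

Every per-file key falls to the same private exponent, so the cost of recovery is dominated by obtaining the factors of the one local modulus, not by the number of files.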