Latest Cerber Ransomware Steals Bitcoin Wallets

Cerber Ransomware Steals Bitcoin Wallets

Cerber malware is a ransomware that can steal Bitcoin wallets. Cyber security researchers had first discovered it in 2016, and since then it has evolved rapidly and several versions have been released. The latest version of the cerber ransomware is unique in the sense that it targets a different identity – Bitcoin wallets – hence, crypto currency theft.

How Cerber Malware Works

The Cerber malware is a ransomware that encrypts information and demands a ransom for its decryption. Cyber criminals spread the malware through emails with malicious attachments. If the victim falls for the phishing attack and opens the attachment, then the device – whether it is a desktop, laptop or mobile device – will get infected. The data on the device can be encrypted.

What Does The Latest Cerber Ransomware Do

The Cerber Ransomware attempts to do two tasks:

1. Steal the wallets of Bitcoin wallet applications – the Bitcoin, Electrum and Multibit wallet applications. While Bitcoin is a core wallet, the other two – Electrum and Multibit are third-party wallets. In the Bitcoin wallet it steals the file – wallet.dat, in Electrum it steals – *.wallet, and in Multibit it steals electrum.dat. These files are sent to the cyber criminals through a command and control server. The wallet files on the victim’s system are then deleted.

2. Steal saved passwords – Cerber Ransomware also targets the browsers – Google Chrome, Mozilla Firefox, and the Internet Explorer to steal the saved passwords. These stolen passwords are also sent to the cybercriminals controlling the attack through the C&C server.

Precautionary Measures

  • Protect your Bitcoin wallets with strong passwords or pass phrases. Avoid “formula-based” passwords.
  • Do not open attachments in doubtful emails – emails from unknown sources
  • Educate employees on suspicious emails, phishing, and spear phishing attacks.
  • Define appropriate and stronger email policies to block/filter such malicious attachments.
  • One consolation is that the latest Cerber ransomware will be able to steal or empty the Bitcoin wallet only if it is able to find out the password. A strong password/passphrase thwarts this attempt. However, this ransomware is able to access stored passwords in browsers – which is a major vulnerability.

Increasing interest in cryptocurrency and its popularity is inducing cyber criminals to target Bitcoin wallets. And in the coming days, more malware attacks targeting Bitcoin wallets will be encountered. A robust endpoint security solution would be a necessity to monitor, detect and block ransomware attacks.



Leave a Comment


Welcome! Login in to your account

Remember me Lost your password?

Don't have account. Register

Lost Password