Cerber is one of the more popular variations of ransomware. A new version has been detected, and it has a few new tricks up its sleeve.
The latest version of Cerber extracts itself from a hacker-owned Dropbox account. The self-extraction makes it look safe to machine-learning tools, which is one way it avoids detection. It also checks to see if it’s installing itself onto a virtual machine, which cybersecurity companies use to detect and study malware. If Cerber sees that it is being installed on a virtual machine, it stops the installation, making it harder for the good guys to fight it.
This blog has been re-posted with permission from Craig Petronella