Cerber Renames Itself as CRBR ENCRYPTOR to Be a PITA
...some quotes from the article:
I think ransomware developers are purposely trying to screw with us this week. First we had the NotPetya ransomware outbreak, which now researchers feel isn't a ransomware at all (or was it?), but rather designed to be a destructive malware. Then we have Cerber Ransomware suddenly switching their name to CRBR Encryptor in the ransom note because ... well, why the hell not?
Ultimately, no matter how it's named, this is still Cerber Ransomware and NOT a new ransomware.
CRBR/Cerber Distribution Methods
This current round of Cerber is being distributed in a few different ways. First we have reports from exploit kit researcher Zerophage that Cerber is being distributed through the MagnitudeEK exploit kit. Using an exploit, malware purveyors are able to install Cerber on vulnerable victims' machines when they visit a site injected with the MagnitudeEK exploit kit. Unfortunately, this means that a victim is most likely encrypted before they even know about it.
The second method, spotted by security researcher Chris Campbell, is the use of SPAM emails that pretend to be from the Microsoft Security Team. These emails state that unusual sign-in activity has been detected on the target's Microsoft account and then prompt you to open the attachment for instructions. This attachment is a zip file with a JS attachment, which when opened, downloads the Cerber executable file to the %Temp% and executes it.
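For the second delivery method quoted above (a zip attachment carrying a JS file), a mail-gateway style check can flag archives that contain script members before they reach a user. This is an added example, not part of the original post or the quoted article; the function names, the extra extensions beyond `.js`, and the sample archives are constructed assumptions.

```python
import io
import zipfile
from pathlib import PurePosixPath

# The page names .js; the other Windows Script Host extensions are an
# assumption added so the check covers the same double-click behaviour.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}


def script_members(zip_bytes):
    """Return names of archive members whose final extension is a script type."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Normalise backslash separators and the trailing dots/spaces
            # that Windows strips, so "a.js." is still treated as "a.js".
            name = info.filename.replace("\\", "/").rstrip(". ")
            # Only the last suffix matters: "notice.pdf.JS" is a script.
            if PurePosixPath(name).suffix.lower() in SCRIPT_EXTS:
                hits.append(info.filename)
    return hits


def verdict(zip_bytes):
    """Map an attachment to (action, offending member names)."""
    try:
        hits = script_members(zip_bytes)
    except zipfile.BadZipFile:
        # An archive the gateway cannot parse cannot be cleared either.
        return ("quarantine", [])
    return ("block", hits) if hits else ("allow", [])


def _make_zip(names):
    """Build a constructed in-memory zip with harmless placeholder content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples, not taken from the campaign described above.
    print(verdict(_make_zip(["Sign-in activity.pdf.JS"])))
    print(verdict(_make_zip(["docs/notes.txt"])))
    print(verdict(b"not a zip"))
```

The check looks only at member names, so it still works on password-protected zips, where the file list stays readable even though the contents are encrypted.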