Misconfigured Server Gives Insight Into Cerber Ransomware Operation

Jack

Security researchers have gained access to one of the servers used by the Cerber gang, from where they were able to extract basic statistics about their operation.

A security researcher who goes only by the nickname Racco42 discovered the vulnerability on Thursday, January 12.

The issue affected only one Cerber server, not all, and was most likely due to a misconfiguration. The server wasn't a command and control server, but a mere staging server from where the victims' computers would connect and download the actual ransomware, which would later run and infect their PCs.

Server error lets researchers in
An error in one of the server files displayed page source code, instead of executing it.

This information found its way to Avast security researcher Jaromir Horejsi, who together with the Avast team leveraged this error to get control over the server.

For a period of three hours, the Avast team explains, they collected information from server logs.

Log showing victims who downloaded the Cerber ransomware [Avast]
The Avast team observed over 700 victims download Cerber installers, which no doubt encrypted their PCs.

Extrapolating this number to a whole day, just one typical Cerber ransomware staging server would be able to infect around 8,400 users during a spam run or malvertising campaign.

The data Avast researchers collected was plotted on a map which shows that most victims were located in Europe and North America.

 

Zero Knowledge

So 8,400 users infect themselves with ransomware each day? That's a huge amount.

The general population really has no idea about security. There really needs to be more consumer education.

Rule #1 Don't click on spam emails.
Rule #2 Don't click on spam emails.
Rule #3 Don't click on spam emails.

etc...

Maybe they need to teach computer security/hygiene in school so people don't fall for malware.
 

Ink

Maybe they need to teach computer security/hygiene in school so people don't fall for malware.
They taught me how to use Microsoft Access, but nothing about security - all that I know is self-taught in 12 years - like most others here.

This changes if you study Computers in Further / Higher Education.
 