New Blank E-Mail Spam Campaign Spreads Cerber Ransomware

March 22, 2017

Researchers from the SANS Internet Storm Center report that they have spotted a new spam campaign spreading the well-known Cerber ransomware. The campaign is called "Blank Slate" because its emails have no content whatsoever: the messages contain no text, and nothing about them indicates to a potential victim that something is wrong.

The emails do carry attachments, but these do not suggest that malware could be hiding in them either: their names are vague, consist mostly of random characters, and look like ordinary files that anyone might save on their computer. The same holds for the subject lines of the emails.

The "Blank Slate" campaign is actually quite familiar to cyber security researchers as they have observed it before, yet this time the prevalence of Cerber Ransomware among the malware types that it spreads is something new.

As for the malicious files attached to the "Blank Slate" emails, the ransomware could be hiding in two types of files. In both cases the attachments are double-zipped, meaning a zip archive is embedded in another zip archive. The innermost zip file then carries the malware in either a Microsoft Word document or a JavaScript file. If Cerber is within the Microsoft Word file, the potential victim needs to enable macros for the infection to take place.

For the JavaScript files, though, Cerber lands on the target computer if the user simply clicks twice on the file to open it. Once Cerber Ransomware has penetrated your computer, it will start to encrypt all your files, like photos, videos, documents and pretty much all important data that you have stored on your machine. An interesting detail for this particular ransomware is that the amount of ransom that it requires in order to send you a decryption key will always equal $500 in Bitcoins, regardless of the exchange rate that is on the market at the moment. Researchers have, however, updated that information – from this week on, the malware asks for 1 Bitcoin for the decryption of your files.

As with nearly all ransomware infections, Cerber can be easily avoided by simply being extremely watchful in your email correspondence. You should never open emails from people you do not know or emails that you do not expect. Needless to say, you should never try to open attachments that come with messages that have no text and random letters as a subject line. The probability that these attachments will deploy a malicious program that harms your computer is relatively high.
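A mail filter can test for the layout described above, an empty body together with a zip-inside-a-zip attachment that holds a Word document or JavaScript file. The following Python sketch is an added example, not code from the SANS researchers or the original article; the extension list, size limit, function names and sample file names are assumptions.

```python
import io
import zipfile
from email.message import EmailMessage

# Assumed extensions for "Word document or JavaScript file"; adjust to local policy.
RISKY_EXT = (".js", ".doc", ".docm", ".docx")
MAX_MEMBER = 10 * 1024 * 1024  # assumed cap: skip members declaring more than 10 MiB

def nested_payloads(data, depth=0, max_depth=3):
    """Names of script/Word files that sit inside a zip which is itself inside a zip."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    hits = []
    with zf:
        for info in zf.infolist():
            if info.filename.lower().endswith(RISKY_EXT):
                if depth >= 1:  # only the zip-in-zip layout counts here
                    hits.append(info.filename)
                continue  # never recurse into .docx, which is itself a zip
            if depth < max_depth and info.file_size <= MAX_MEMBER:
                try:
                    hits += nested_payloads(zf.read(info), depth + 1, max_depth)
                except (RuntimeError, zipfile.BadZipFile):
                    pass  # encrypted or corrupt member: cannot be inspected
    return hits

def looks_like_blank_slate(msg):
    """(verdict, hits): empty body plus a double-zipped script/Word attachment."""
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().strip() if body else ""
    hits = [h for part in msg.iter_attachments()
            for h in nested_payloads(part.get_payload(decode=True) or b"")]
    return (not text and bool(hits)), hits

# Helpers that build constructed samples in memory (file names are made up).
def make_zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

def sample_message(body, attachment):
    msg = EmailMessage()
    msg.set_content(body)
    msg.add_attachment(attachment, maintype="application", subtype="zip", filename="48213.zip")
    return msg
```

Members that cannot be inspected (encrypted or corrupt) are skipped silently here; a production filter would more likely quarantine them.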
