A new variant of the Cerber ransomware is now adding a DDoS bot that can blast spoofed network traffic at various IPs. This is the first time DDoS malware has been inserted into a ransomware infection. This means that while the victim is unable to access their endpoint, that same endpoint is being used to deny service to another victim.
Stu Sjouwerman, KnowBe4’s CEO, said that the virus relies on social engineering the employee to activate the Macro feature in Office, which then executes a malicious VBScript that downloads and runs the malware.
The ransomware is executed first, which encrypts the users data and then blocks their access to the machine by locking the screen. After that, a second binary called 3311.tmp is launched into execution and starts sending a large amount of network traffic out of the infected computer.
The attackers use Visual Basic to launch a file-less attack, and most antiviruses are completely blind to file-less attack methods. Consequently, they are unable to see this until it has been dropped on the disk. At that point scanners can find it, but often thats too late.
KnowBe4 is a security platform helping organizations manage the problem of social engineering tactics through security awareness training.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now