{"id":338,"date":"2017-08-11T10:21:21","date_gmt":"2017-08-11T10:21:21","guid":{"rendered":"http:\/\/esolutions.lt\/blog\/?p=338"},"modified":"2018-07-03T12:30:41","modified_gmt":"2018-07-03T12:30:41","slug":"hacking-in-summer-time-locky-and-cerber-developers-start-another-distribution-campaign","status":"publish","type":"post","link":"https:\/\/esolutions.lt\/blog\/hacking-in-summer-time-locky-and-cerber-developers-start-another-distribution-campaign\/","title":{"rendered":"Hacking in summer time \u2013 Locky and Cerber developers start another distribution campaign"},"content":{"rendered":"<h2>Cerber or Locky \u2013 ever-evolving and ever-lasting cyber issues<\/h2>\n<p>In case you started wondering whether, by any chance, the two notorious ransomware giants finally got terminated, we are sorry to disappoint you. It seems that the developers of these two threats have spent the summer wisely: improved viruses target netizens again. What\u2019s new and what should you beware of?<\/p>\n<h2>Cerber now sniffs for personal data<\/h2>\n<p>Corresponding to its original name \u2013 the mythical creature <a href=\"http:\/\/www.2-spyware.com\/remove-cerber-virus.html\">Cerber<\/a> \u2013 the developers decided to add data-stealing features. Now the latest version of the virus, which is distributed as <a href=\"http:\/\/www.2-spyware.com\/remove-crbr-encryptor-ransomware-virus.html\">CRBR Encryptor<\/a>, is able to capture browser passwords and bitcoin wallet-related information.<br \/>\nBesides looking for Chrome, Internet Explorer, Firefox and other browser passcodes, the infection also attempts to steal Bitcoin Core, Multibit and Electrum wallet information.<\/p>\n<p>IT specialists suspect that the source code enabling the mentioned function might belong to another project. Though this new update certainly makes the malware even more menacing, data-stealing ransomware is not a novelty. 
Last year some <a href=\"http:\/\/www.2-spyware.com\/remove-cryptxxx-ransomware-virus.html\">CryptXXX<\/a> variants were spotted engaging in data-stealing activity as well.<\/p>\n<h2>Locky strikes again in a new disguise<\/h2>\n<p>While the title of \u201c<a href=\"http:\/\/www.2-spyware.com\/remove-locky-virus.html\">Locky ransomware<\/a>\u201d was regularly flickering in media headlines last year, its authors have not abandoned this project. In fact, the time periods between each version imply that the crooks have been working on new, more destructive techniques. Consequently, this summer they decided to drop the habit of naming their virus versions after Egyptian and Scandinavian deities and return to European mythology.<\/p>\n<p>IT specialists have caught its new version \u2013 <a href=\"http:\/\/www.2-spyware.com\/remove-diablo6-ransomware-virus.html\">Diablo6 ransomware<\/a> \u2013 spreading via a new malicious spam campaign. However, observing the tendency, Locky developers have not mastered any extraordinary new technique. As in previous cases, they test targeted users\u2019 curiosity. The compromised email might come from an unknown sender with a brief message: \u201c<em>Files attached. Thanks<\/em>\u201d.<\/p>\n<p>Opening the E [date] (random_number).docx file executes a VBS downloader script, which then downloads the main payload of the virus. During the encryption process, the malware appends a ridiculously long [first_8_hexadecimal_chars_of_id]-[next_4_hexadecimal_chars_of_id]-[next_4_hexadecimal_chars_of_id]-[4_hexadecimal_chars]-[12_hexadecimal_chars].diablo6 file extension. The current version is relatively modest: it only asks for .49 bitcoin,\u00a0amounting to $1.600.<\/p>\n<p>Unfortunately, neither of the ransomware threats is decryptable at the moment. While cyber security specialists\u00a0continue working on the countermeasures, the virtual community should arm itself with awareness and knowledge. 
Unlike Cerber, which indeed keeps evolving at an alarming rate, Locky developers seem to rely on the same spam campaigns. If you manage to bridle your curiosity and treat incoming spam emails with caution, you will lower the risk of encountering file-encrypting threats.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cerber or Locky \u2013 ever-evolving and ever-lasting cyber issues In [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":349,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[2],"tags":[],"_links":{"self":[{"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/posts\/338"}],"collection":[{"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/comments?post=338"}],"version-history":[{"count":1,"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/posts\/338\/revisions"}],"predecessor-version":[{"id":340,"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/posts\/338\/revisions\/340"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/media\/349"}],"wp:attachment":[{"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/media?parent=338"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/categories?post=338"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/tags?post=338"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}