TrueCut Security,Inc.

Title: Today's Ransomware - Cerber2
Name: Operator
Date: 2016-08-06
File: Cerber2.mp4

Cerber2 ransomware was found.
Cerber was known as the talking ransomware, and this is a variant of it.


Attack procedure
1. scvhost.exe (not svchost) is running.
2. A subprocess is called (its process name changes every time).
3. svchost.exe is stopped and its file is deleted.
4. The subprocess encrypts files.
5. The filename is changed to the combined name.
6. The filename extension is changed to .cerber2.
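
A defender's view of steps 1 and 6, as an added example that is not part of the original post: it flags process names one edit away from a Windows system binary (such as scvhost.exe) and processes that rename several files to .cerber2. The event tuples, the list of system names, and the threshold of three renames are assumptions made for illustration.

```python
from collections import Counter

# Assumed short list of system binaries that malware commonly imitates.
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "csrss.exe", "services.exe")

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent characters costs one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def lookalike_of(image_name):
    """Return the system binary this name imitates, or None if it imitates none."""
    name = image_name.lower()
    for real in SYSTEM_NAMES:
        if name != real and osa_distance(name, real) == 1:
            return real
    return None

def triage(events, rename_threshold=3):
    """events: (pid, kind, value), kind 'start' (image name) or 'rename' (new path)."""
    alerts, renames = [], Counter()
    for pid, kind, value in events:
        real = lookalike_of(value) if kind == "start" else None
        if real:
            alerts.append((pid, "masquerade", f"{value} imitates {real}"))
        elif kind == "rename" and value.lower().endswith(".cerber2"):
            renames[pid] += 1
            if renames[pid] == rename_threshold:  # alert once per process
                alerts.append((pid, "mass-rename", f"{rename_threshold} files renamed to .cerber2"))
    return alerts

SAMPLE_EVENTS = [  # constructed events, not taken from a real host
    (812, "start", "svchost.exe"),
    (4120, "start", "scvhost.exe"),
    (4388, "start", "qmzxw.exe"),
    (4388, "rename", r"C:\Users\a\Documents\1a2b3c.cerber2"),
    (900, "rename", r"C:\Users\a\Documents\report-final.docx"),
    (4388, "rename", r"C:\Users\a\Documents\4d5e6f.cerber2"),
    (4388, "rename", r"C:\Users\a\Pictures\7a8b9c.cerber2"),
]
```

The exact-name check only compares image names; a real deployment would also compare the image path against the system directory.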

We found one of the C&C servers; its address is 31.184.235.255 (Russia).


RansomFree blocks ransomware attacks by preventing malicious behavior.
Thus RansomFree blocks even variants and unknown ransomware.


