Nemucod Ransomware-as-a-Service Now Distributes Cerber Ransomware!

Cerber was first noticed in the first quarter of 2016, and it has spread rapidly since then with the help of Ransomware-as-a-Service (RaaS). Recently, Microsoft reported that Cerber holds the top position among ransomware families, infecting thousands of systems around the world every day!

And it seems Cerber isn't going to stop, as the Nemucod Ransomware-as-a-Service appears to be yet another RaaS distributing Cerber afresh! According to the Cyren blog, this might be a newer version of Cerber, or it might have been freshly released using RaaS. Nemucod is a popular malware distribution tool that has already been used in the past to distribute ransomware.

Nemucod Ransomware-as-a-service for Cerber Distribution

Ransomware is distributed around the world in various ways! Nemucod seems to be the best route for Cerber ransomware, as it's a well-known malware distribution tool. Once the user installs the Cerber exe file, this is the note that appears on the victim's PC.

Cerber Ransomware Message on PC

According to Cyren blog, “The attack is based primarily on email messages with zipped JavaScript attachments with filenames conforming to “DOC{10 digit}-PDF.js” and various invoice-related subjects.”
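The filename convention Cyren describes can be checked at a mail gateway before a message is delivered. The following is an added example, not code from Cyren or from this site: it walks a message's attachments, opens any zip by content, and flags members named DOC{10 digit}-PDF.js. Flagging other script types inside a zip goes beyond the quoted pattern, and that extension list, the function names and the sample message are assumptions made for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Filename pattern quoted from the Cyren blog: DOC{10 digit}-PDF.js
NEMUCOD_NAME = re.compile(r"^DOC\d{10}-PDF\.js$", re.IGNORECASE)
# Assumption: script types Windows Script Host runs on double-click.
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs", ".vbe")


def scan_message(raw: bytes) -> list:
    """Return (attachment, zip member, reason) for each suspicious member."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        # Trust the content, not the attachment's extension or MIME type.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            findings.append((name, "", "unreadable-zip"))
            continue
        for member in members:
            base = member.rsplit("/", 1)[-1]  # ignore folders inside the zip
            if NEMUCOD_NAME.match(base):
                findings.append((name, member, "nemucod-filename"))
            elif base.lower().endswith(SCRIPT_EXTS):
                findings.append((name, member, "script-in-zip"))
    return findings


def build_sample(member: str) -> bytes:
    """Constructed test message: an invoice-themed mail carrying one zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "// constructed placeholder, contains no code\n")
    msg = EmailMessage()
    msg["Subject"] = "Invoice"  # constructed subject line
    msg["From"], msg["To"] = "a@example.com", "b@example.com"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

A gateway would quarantine on `nemucod-filename` and treat `script-in-zip` as a lower-confidence signal to combine with the invoice-related subject.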

Cyren detected two major variants of Nemucod in its research: JS/Nemucod.GE!Eldorado and JS/Nemucod.ED1!Eldorado. Nemucod is also said to be responsible for distributing the 2nd most dangerous ransomware, Locky!

The JS/Nemucod.GE!Eldorado code, as detected, is shown in the image below.

JS/Nemucod.GE!Eldorado

The JS/Nemucod.ED1!Eldorado code that affects your system is shown below.

From this, it's quite clear that the Nemucod Ransomware-as-a-Service is going to be dangerous if it spreads fresh Cerber ransomware around the world. It's difficult to say how long this RaaS is going to continue, but if it continues for even 1 or 2 months, Cerber might top the ransomware family charts forever!

We will keep you updated as more details come in! Till then, keep an eye on Ransomwares.Net and do spread the word on Facebook & Twitter!
