Cerber was first noticed in 1st quarter of 2016 and since then, it spread rapidly within no time with the help of Ransomware-as-a-Service [Raas]. Recently, Microsoft reported that Cerber is on the top position in Ransomware families infecting more than thousands of systems around the world every day!
And it seems like Cerber isn’t going to stop any more as Nemucod Ransomware-as-a-service appears to be yet another RaaS to distribute Cerber freshly! According to Cyren blog, it might be the newer version of Cerber or it might be freshly released by using Raas. Nemucod is a popular malware distribution tool which has already been used in the past to distribute ransomwares.
Nemucod Ransomware-as-a-service for Cerber Distribution
There are various ways through which the Ransomware is distributed around the world! Nemucod seems to be the best way for Cerber Ransomware as it’s a well known malware distribution tool. Once the user installs the exe file of Cerber, here’s what the note appears on the victims PC.
Two major variants of Nemucod were detected by Cyren in their research which are JS/Nemucod.GE!Eldorado and JS/Nemucod.ED1!Eldorado. It is also said that Nemucod is also responsible to distribute the 2nd most dangerous ransomware, Locky!
JS/Nemucod.GE!Eldorado code is detected as shown in the below given image.
JS/Nemucod.ED1!Eldorado code that affects your system are as shown below.
By this, it’s quite clear that Nemucod Ransomware-as-a-service is going to be dangerous if it outbreaks fresh Cerber ransomware around the world. It’s difficult to say up to what extent this RaaS is going to continue but if it continues for even 1 or 2 months, Cerber might top the charts in Ransomware family for ever!