Computers on Focus - Online Security Guide

08:52 pm
19 April 2024

Cerber 4.1.4 Ransomware – One of the Most Persistent Representatives of the Cerber Family?

Cerber 4.1.4 is another member of the notorious Cerber ransomware family. The hackers use these Trojans to attack PC users and lock their files. The ultimate purpose is to make the victims pay a large sum of money as ransom in exchange for the decryption key, which can unlock the data. The developers of Cerber release newer versions of their harmful applications on a regular basis. In just a week, they have created three new variants of Cerber, including Cerber 4.1, Cerber 4.1.1 and Cerber 4.1.3. Cerber 4.1.4 is not very different from its predecessors. All in all, the Cerber Trojans are almost identical: the minor differences in the code and the distribution tactics attempt to boost the infection rates and evade detection by some conventional security programs. The ransomware is created very professionally and may cause irreversible damage to all files with value to the user. Since it may be quite a challenge to fix your machine after Cerber 4.1.4 encrypts it, the cyber security specialists advise you to keep a powerful anti-malware solution that can detect and prevent the infection.

How Can the Hackers Deploy Cerber 4.1.4 Ransomware to Your PC?

The cyber criminals behind Cerber rely primarily on email spam for the distribution of their viruses. Cerber 4.1.4 is no exception to the established rule. Just like its predecessors, this Trojan may appear to be an innocent MS Word document. In some cases, the security analysts detected that it comes as an invoice with a random number following its name. This way, the recipient may assume that the random number is a reference number from some company, which makes it more likely that they will open the file. Contrary to what you may be assuming, just opening the fake invoice will not trigger the infection. The current Word versions open files in Protected View by default. This feature prevents potential infections. However, if you agree to turn on the macros, then Cerber 4.1.4 may become active and harm your PC. The Word document doesn’t contain all of the malicious code needed to encrypt your machine. Instead, it establishes an outgoing connection to distant hosts, which will attempt to download the full version of Cerber 4.1.4.

What Makes Cerber 4.1.4 Ransomware Unique?

Although the similarities between Cerber 4.1.4 and its predecessors are many, there are still some notable differences. The most important one concerns its activation. Usually, the file-encoding Trojans connect the infected machine to a single Command and Control (C&C) server to transfer information. This strategy is efficient, but there is one big disadvantage: if the authorities, cyber security industry or Google manage to block the host, the cyber threat will stop working. To negate this potential effect, the developers of Cerber 4.1.4 now rely on three separate hosts:

  • 65.55.50.0/27
  • 192.42.118.0/27
  • 194.165.16.0/22

This strategy may make Cerber 4.1.4 even more persistent than its predecessors. Unfortunately, the connections to the C&C servers happen in the background and the user may receive no clues whatsoever until it is too late. The ransomware may easily evade the Windows Firewall, but a reliable anti-malware application should stop the unauthorized transfer of files.
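A check of outbound-connection records against the three ranges listed above, as an added example that is not part of the original article. The log format, process names, addresses other than the three ranges, and timestamps are constructed for illustration.

```python
import ipaddress

# C&C ranges as listed in the article above.
CERBER_RANGES = [ipaddress.ip_network(n) for n in
                 ("65.55.50.0/27", "192.42.118.0/27", "194.165.16.0/22")]

# Constructed sample records (not real telemetry). Assumed format:
# "<timestamp> <process> <src_ip> -> <dst_ip>:<port>/<proto>"
SAMPLE_LOG = """\
2016-11-04T09:14:02 WINWORD.EXE 10.0.0.23 -> 198.51.100.7:443/tcp
2016-11-04T09:14:07 unknown.exe 10.0.0.23 -> 65.55.50.17:4000/udp
2016-11-04T09:14:07 unknown.exe 10.0.0.23 -> 65.55.50.40:4000/udp
2016-11-04T09:14:08 unknown.exe 10.0.0.23 -> 194.165.19.255:4000/udp
2016-11-04T09:14:09 chrome.exe 10.0.0.41 -> 192.42.118.31:443/tcp
malformed line without an address
"""

def parse_line(line):
    """Return (timestamp, process, src, dst) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5 or parts[3] != "->":
        return None
    try:
        src = ipaddress.ip_address(parts[2])
        dst = ipaddress.ip_address(parts[4].rsplit(":", 1)[0])
    except ValueError:
        return None
    return parts[0], parts[1], src, dst

def find_c2_contacts(log_text):
    """Map each internal source IP to its connections into a listed range."""
    hits = {}
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue  # skip lines that do not follow the assumed format
        ts, proc, src, dst = record
        for net in CERBER_RANGES:
            if dst in net:
                hits.setdefault(str(src), []).append((ts, proc, str(dst), str(net)))
    return hits

if __name__ == "__main__":
    for host, contacts in find_c2_contacts(SAMPLE_LOG).items():
        print(host, contacts)
```

A match is a lead for investigating the source host rather than proof of infection, since a range as wide as a /22 can contain unrelated servers.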

How Can Cerber 4.1.4 Make All of Your Files Inaccessible?

Some PC users wrongly assume that their PC will get locked immediately after opening the payload of Cerber 4.1.4. This is not the case since the whole encryption process requires quite some time, depending on the number of files on your hard drives. The delay may even reach a few hours. If you turn off your device during this time, you may interrupt the encryption process. However, if the ransomware manages to fulfill its task successfully, you may find yourself in real trouble. Cerber 4.1.4 relies on leading RSA and AES ciphers to encrypt the contents of your files, which makes it impossible for you to open them no matter which program you rely on. The default extension of the modified photos, pictures, Office documents, databases, videos and so on will also change. Cerber 4.1.4 uses the computer’s MachineGuid value to append a new extension, so you may expect a file named ‘picture.img’ to become ‘picture.img.k8d1’. The ransomware also creates a text note on the desktop, which will most likely appear as ‘Readme.hta’. It contains instructions on how to pay the ransom, but the unanimous recommendation of the cyber security specialists is that you should not consider paying.
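A triage sketch for the two on-disk traces described above (the ‘Readme.hta’ note and the extension appended after the original one), added here as an example and not taken from the original article. It assumes the appended extension has the shape of the ‘k8d1’ example and that, being derived from MachineGuid, it is the same for every file on one machine; the sample file names are constructed.

```python
import os
import re
import tempfile
from collections import defaultdict

NOTE_NAME = "readme.hta"  # ransom note name given in the article
# Assumption: the appended extension resembles the article's 'k8d1' example
# (four lowercase alphanumerics placed after the original extension).
APPENDED = re.compile(r"^.+\.(?P<orig>[A-Za-z0-9]{1,8})\.(?P<suffix>[a-z0-9]{4})$")

def triage(root, min_files=3):
    """Return ransom-note paths and appended suffixes shared by many files."""
    notes, by_suffix = [], defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                notes.append(path)
            else:
                m = APPENDED.match(name)
                if m:
                    by_suffix[m.group("suffix")].append((m.group("orig").lower(), path))
    suspicious = {}
    for suffix, found in by_suffix.items():
        # Expect the same suffix on many files of different original types;
        # a lone 'backup.tar.gzip' does not meet either condition.
        if len(found) >= min_files and len({o for o, _ in found}) >= 2:
            suspicious[suffix] = sorted(p for _, p in found)
    return {"notes": sorted(notes), "suffixes": suspicious}

def build_sample_tree(root):
    """Create a constructed set of empty files for the demonstration."""
    names = ["picture.img.k8d1", "report.docx.k8d1", "clients.mdb.k8d1",
             "Readme.hta", "backup.tar.gzip", "notes.txt"]
    for name in names:
        open(os.path.join(root, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```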

What Is the Proper Response Once You Lose Access to Your Hard Drive Due to Cerber 4.1.4 Ransomware?

You should remain calm and not act irrationally. The hackers behind Cerber have managed to steal a lot of money from the victims, which is the main reason they continue with these attacks. In a single month, the different Trojans in this family have been involved in 160 different campaigns targeting more than 150 000 users. The results were quite unfortunate – $195 000 has been extorted. You should keep in mind that you can never trust criminals. Nothing can verify that they will honor their word. If you pay the price, which is initially $84 in Bitcoins, you may still not receive the decryption key. Instead of giving your money to crooks, you should clean your PC by using advanced security software. When the scan has been completed and Cerber 4.1.4 is gone, you should try to restore your PC to an earlier date or import the lost files from another source. You may also try a free decryption program, which may manage to break the ciphers.
