Cerber on tähän asti suurin löydetty RaaS (Ransomware-as-a-service) -kiristysohjelmapalvelu. Cerberistä tekee erityisen vaarallisen se, että palveluna ostettava kiristysohjelma ei vaadi teknistä osaamista, mikä avaa ovet uusille kyberrikollisjoukoille.
Lunnaita vaativat Cerber-kiristyskampanjat saastuttivat heinäkuussa yli 150 000 laitetta yli 200 eri maassa. Palvelun arvioitu vuosituotto kehittäjilleen on noin kaksi miljoonaa euroa. Check Pointin tutkijat ovat päässeet kyberrikollisten jäljille rahajälkiä seuraamalla. Tutkimuksissa paljastui massiivinen Bitcoinia hyödyntävä rahanpesuvyyhti.
Check Pointin löydökset auttavat tutkijoita kehittämään salauksenpurkutyökaluja, joilla saastuneet koneet voidaan palauttaa käyttökuntoon – maksamatta kyberrikollisten lunnaita. Check Pointin kattava 60-sivuinen tutkimus paljastaa Cerber-kiristyskampanjoiden monimutkaiset taustat.
Liitteenä Cerber-tutkimusraportti. Lue englanninkielinen tiedote kokonaisuudessaan:
San Carlos, CA – Tuesday, Aug. 16, 2016 – Check Point® Software Technologies Ltd. (NASDAQ: CHKP), today published new findings on one of the largest active ransomware-as-a-service franchises in the world, Cerber. The report offers an unprecedented behind-the-scenes view into the complex cyber campaign, not only shining a light on the growing ransomware-as-a-service industry, but revealing a path researchers are now using to help individuals and businesses gain access to their encrypted files – without paying the increasingly inflated ransoms of cyber criminals.
In a 60-page report, Check Point’s Threat Intelligence and Research Team, along with research partner IntSights Cyber Intelligence, identify new details and analysis on Cerber’s technical and business operation, revealing:
- Of all ransomware, the Cerber infection rate is significantly higher and more profitable. Cerber is currently running more than 160 active campaigns across the globe, with total annual projected revenue of approximately $2.3 million. Each day eight new campaigns on average are launched; in July alone, the research revealed approximately 150,000 victims affected in 201 countries and territories.
- Cerber affiliates have become successful money launderers. Cerber uses the Bitcoin currency to evade tracing, and creates a unique wallet to receive funds from each of its victims. Upon paying the ransom (usually one Bitcoin, which is currently worth $590), the victim receives the decryption key. The Bitcoin is transferred to the malware developer through a mixing service, which involves tens of thousands of Bitcoin wallets, making it almost impossible to track them individually. At the end of the process, the money reaches the developer, and the affiliates receive their percentage.
- Cerber is opening the doors for more would-be hackers. Cerber enables non-technical individuals and groups to take part in the highly profitable business and run independent campaigns, using a set of assigned Command & Control (C&C) servers and a convenient control panel available in 12 different languages.