Zyxel Threat Intelligence (Release Date: 2021-11-17)
According to the NTT Monthly Threat Report for August 2021, ransomware has exploded over the past couple of years, with at least a 300% growth in ransomware incidents and payouts over the past two years.
Zyxel keeps its malware detection up to date. This article focuses on Cerber ransomware. Parts 2 and 3 will be included in the November Monthly Threat Report, covering the Intrusion Detection and Application Patrol updates. More details, history, and signature information are available in the Zyxel Encyclopedia.
Highlight (partial)
Name: Gen.Heur.MSIL.Androm
This backdoor arrives on a system as a file dropped by other malware, or as a file downloaded from malicious sites.
This Backdoor adds the following processes:
• "%Windows%\System32\msiexec.exe"
(Note: %Windows% is the Windows folder, which is usually C:\Windows on all Windows operating system versions.)
This backdoor drops the following file in the Windows user Startup folder, so that it is executed automatically at every system startup:
• %User Startup%\v1v1vPk.exe
(Note: %User Startup% is the current user's Startup folder, which is usually C:\Windows\Profiles\{user name}\Start Menu\Programs\Startup on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Start Menu\Programs\Startup on Windows NT, C:\Documents and Settings\{User name}\Start Menu\Programs\Startup on Windows 2003(32-bit), XP and 2000(32-bit), or C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup on Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit), 10(64-bit).)
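Because the persistence mechanism above is nothing more than an executable sitting in the current user's Startup folder, it is cheap to hunt for. The following Python is an added example (not code from the Zyxel page or from any vendor tool): it scans a Startup directory, flags any executable at all (a healthy Startup folder holds only .lnk shortcuts and desktop.ini), and marks a file whose name matches the published indicator as a confirmed hit. The `demo()` function builds a constructed sample folder in a temporary directory; the hash list, suffix list and sample file names are assumptions.

```python
"""Scan a Windows user Startup folder for the persistence artifact described above.

Added example, not from the Zyxel page. A user Startup folder normally contains
only shortcuts (.lnk) and desktop.ini, so any executable there is suspicious;
a file whose name matches the published indicator is a confirmed hit.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# Indicator taken from the Gen.Heur.MSIL.Androm description above (compared case-insensitively).
KNOWN_BAD_NAMES = {"v1v1vpk.exe"}
# The page publishes no file hashes; populate this set from your own threat-intel feed.
KNOWN_BAD_SHA256: set[str] = set()
# Assumed list of suffixes that should never appear in a Startup folder.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".ps1", ".hta"}
BENIGN_NAMES = {"desktop.ini"}


def user_startup_dir() -> Path:
    """Current user's Startup folder on Windows Vista and later (see the path note above)."""
    return Path(os.environ.get("APPDATA", "")) / "Microsoft" / "Windows" / "Start Menu" / "Programs" / "Startup"


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large droppers do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_startup(folder: Path) -> list[dict]:
    """Return one finding per suspicious file: {'path', 'sha256', 'severity', 'reason'}."""
    findings = []
    for entry in sorted(folder.iterdir()):
        if not entry.is_file() or entry.name.lower() in BENIGN_NAMES:
            continue
        name = entry.name.lower()
        digest = sha256_of(entry)
        if name in KNOWN_BAD_NAMES or digest in KNOWN_BAD_SHA256:
            severity, reason = "high", "matches known indicator"
        elif entry.suffix.lower() in EXECUTABLE_SUFFIXES:
            severity, reason = "medium", "executable in Startup folder (expected .lnk only)"
        else:
            continue  # shortcuts and other non-executable files are normal here
        findings.append({"path": str(entry), "sha256": digest, "severity": severity, "reason": reason})
    return findings


def demo() -> list[dict]:
    """Build a constructed Startup folder in a temp dir and scan it (sample data, not a real infection)."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        (folder / "v1v1vPk.exe").write_bytes(b"MZ" + b"\x00" * 62)   # mimics the dropped file's name
        (folder / "updater.vbs").write_text("WScript.Echo 1")       # unexpected script, no IOC match
        (folder / "OneNote.lnk").write_bytes(b"L\x00\x00\x00")       # ordinary shortcut
        (folder / "desktop.ini").write_text("[.ShellClassInfo]")     # ordinary folder metadata
        return scan_startup(folder)


if __name__ == "__main__":
    # On Windows scan the live Startup folder; elsewhere fall back to the constructed demo.
    target = user_startup_dir() if os.name == "nt" else None
    results = scan_startup(target) if target is not None and target.is_dir() else demo()
    for f in results:
        print(f"[{f['severity']}] {f['path']}  sha256={f['sha256'][:16]}...  {f['reason']}")
```

Run it as each user on a suspect host, not just as the administrator, because the folder is per-profile; the All Users Startup folder under %ProgramData% is a second place worth the same check.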
Name: Trojan.Ransom.Cerber
What Is Cerber Ransomware?
Ransom.Cerber is a family of ransomware that first appeared in 2016. What sets Cerber apart from many other ransomware families is that it is sold under a “ransomware-as-a-service” (RaaS) model.
The malware developers lease their ransomware to affiliates, who pay the developers a commission on each ransom collected. Ransom.Cerber encrypts users' data and demands a ransom for the decryption key; apart from a few early versions, no free decryption tool is available. Once your files have been encrypted, the only ways to get them back are to restore from an offline backup or to pay the ransom, which is no guarantee of recovery and is not recommended.
How does Cerber ransomware work?
Ransom.Cerber is distributed as an infected attachment to a phishing email, or as a Trojan bundled with software downloads from compromised websites. Encryption is hybrid: each file is encrypted with 256-bit AES in CBC mode, and the AES key is in turn encrypted with the attacker's RSA-2048 public key, so nothing can be recovered without the attacker's private key. Cerber encrypts documents, images, audio, video, and even data storage files.
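The hybrid scheme matters for detection as well as for recovery: AES-CBC output is statistically indistinguishable from random bytes, so a bulk-encrypted document has near-maximal byte entropy and no recognisable file header. The following Python is an added example (not code from the Zyxel page or from any Cerber sample) that applies this check to a set of files constructed in memory. The `MAGIC` table, the 7.9 bits-per-byte threshold and the sample file names are assumptions, and random bytes stand in for real ciphertext.

```python
"""Flag files that look bulk-encrypted, using the property that AES-CBC output is
indistinguishable from random bytes: near-maximal byte entropy and no known header.

Added example, not from the Zyxel page or from any Cerber sample. The sample
"files" below are constructed in memory; random bytes stand in for ciphertext.
"""
import math
import random
import zlib
from collections import Counter

# Abbreviated magic-byte table (assumed); extend it for the file types you care about.
MAGIC = {
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip / Office OOXML",
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG": "png",
    b"\xd0\xcf\x11\xe0": "OLE (legacy .doc/.xls)",
}
ENTROPY_THRESHOLD = 7.9   # bits per byte; plain text sits around 4-5, ciphertext approaches 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 for uniformly distributed bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes) -> tuple[bool, str]:
    """True when the content has no recognised header AND near-maximal entropy.

    The header check is what keeps compressed formats (zip, jpeg, png) out of the
    result: they are also high-entropy, but they are still structured files.
    """
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return False, f"recognised {kind} header"
    ent = shannon_entropy(data)
    if ent >= ENTROPY_THRESHOLD:
        return True, f"unknown header, entropy {ent:.2f} bits/byte"
    return False, f"entropy {ent:.2f} bits/byte"


def scan(files: dict[str, bytes]) -> dict[str, tuple[bool, str]]:
    """Apply looks_encrypted() to every file; returns {name: (flagged, reason)}."""
    return {name: looks_encrypted(content) for name, content in files.items()}


def flagged_names(files: dict[str, bytes]) -> list[str]:
    """Names of the files that look encrypted, in input order."""
    return [name for name, (hit, _) in scan(files).items() if hit]


def build_samples() -> dict[str, bytes]:
    """Constructed sample set: three ordinary files and one stand-in for an encrypted file."""
    rng = random.Random(7)   # deterministic so the output is reproducible
    text = ("Quarterly report. Revenue grew 12% year over year. " * 200).encode()
    return {
        "report.docx": b"PK\x03\x04" + zlib.compress(text),      # high entropy, but known header
        "notes.txt": text,                                       # low-entropy plain text
        "photo.jpg": b"\xff\xd8\xff\xe0" + rng.randbytes(4096),  # known header
        # Renamed, overwritten document: 16-byte IV + "ciphertext" (random bytes, no real cipher)
        "notes.txt.a7f3": rng.randbytes(16 + len(text)),
    }


if __name__ == "__main__":
    for name, (hit, reason) in scan(build_samples()).items():
        print(f"{'ENCRYPTED?' if hit else 'ok        '} {name:16} {reason}")
```

A single high-entropy file with an unknown header is normal (an encrypted archive, a .7z, a password manager vault); what identifies a ransomware run is dozens of documents crossing the threshold within a minute or two, so in production apply this check to file-modification events and alert on the rate, not on individual hits.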
How to prevent Cerber Ransomware?
Zyxel security appliances provide comprehensive protection through actively patched and monitored measures:
Highlight
CVE-2020-0688
Base Score: 8.8 high
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. (NIST)
Despite the "memory corruption" title, the root cause is a static ASP.NET validationKey shared by every Exchange Control Panel (ECP) installation, which lets any user holding valid mailbox credentials run code as SYSTEM on the server. Apply the February 2020 security update and review IIS logs for /ecp/ requests carrying a __VIEWSTATE parameter from unexpected accounts.
CVE-2020-16875
Base Score: 7.2 high
A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user, aka 'Microsoft Exchange Server Remote Code Execution Vulnerability'. (NIST)
Exploitation requires an authenticated account holding a privileged Exchange role, which is why the score is lower than CVE-2020-0688; Microsoft shipped the fix in its September 2020 security updates.
Applications have been added. The updated applications differ by model. See the Zyxel Encyclopedia for more information.
To make managing licenses for your devices easier, the Marketplace is now open, so you can buy licenses conveniently and securely.
These are the three major benefits for you as a customer when using the Marketplace:
- Get immediate license renewal
- Avoid incorrect license(s) purchased with our filtered product listing
- Review your device and license status online