The security firm Check Point states that the criminal gang behind the Cerber ransomware and its group of associates earn over $2 million per year from the malware.
The newest report, titled "CerberRing: An In-Depth Exposé on Cerber Ransomware-as-a-Service" and written by the Check Point team, reveals some statistics about the malicious moneymaker.
Cerber has a massive distribution channel: in July alone, researchers noticed about 161 highly active campaigns, running in 201 countries and targeting 150,000 users. What made this distribution effort so large and successful is the private affiliate program Cerber relies on. The ransomware authors offer new recruits 60% of all profits if they join the team and start distributing Cerber. Affiliates can even get an extra 5% if they manage to attract more people to join the scheme.
The rest of the takings go to the creators of Cerber, with Bitcoin accounts used to receive and launder the money. According to Check Point, each victim is given a new Bitcoin wallet, created specifically for them, which makes tracing individual payments impossible.
Becoming an affiliate is quite simple due to the way Cerber is designed. Its creators have made an easy-to-use control panel to increase the chances of more people wanting to join. Moreover, the ransomware's control panel is available in 12 different languages, with online help offered in each, which makes it possible for people from all over the world to be recruited, hence the huge number of countries Cerber is targeting.
Statistics show that with an average ransom of $500, the total profits made in July are about $195,000. This means the Cerber crooks are making more than $2 million per year, and that is with only 3% of victims deciding to pay the ransom. Clearly, these 3% are more than enough to turn a satisfactory profit.
Cerber is mainly distributed through malicious file attachments and exploit kit drive-by-download campaigns.
Researchers from Check Point told Infosecurity that regular backups are now an absolute necessity for companies, urging IT teams to ensure at least one copy is kept offline.
“Exercise caution. Don’t open e-mails you don’t expect to receive, and if you are asked to run macros on an Office file, don’t. The only situation in which you should run macros is in the rare case that you know exactly what those macros will do,” they added. “Have a comprehensive, up-to-date security solution. High-quality security solutions and products protect you from a variety of malware types and attack vectors. And if you do get infected, search for decryption tools which could help get your data back.”