The Cerber ransomware variant is on track to earn its developer and network of affiliates over $2 million per year, according to the latest stats from Check Point.
The security vendor’s latest report, CerberRing: An In-Depth Exposé on Cerber Ransomware-as-a-Service, aims to lift the lid on the ransomware.
Unlike most variants, it’s operated on a highly distributed model, with 161 active campaigns spotted in July alone, targeting 150,000 users in 201 countries.
This is made possible via a private affiliate program, with new recruits offered up to 60% of profits in return for disseminating the malware plus a possible extra 5% for recruiting new members to the scheme.
The developer is said to get the rest of the takings, with Bitcoin accounts used to receive and launder the money. A new Bitcoin wallet is created for each victim, making it virtually impossible to trace individual payments, according to Check Point.
The ransomware itself is designed so that non-technical participants can get involved, thanks to an easy-to-use control panel and the fact that it is pre-translated into 12 different languages, with online help available in each.
Despite only 3% of victims electing to purchase the decryption key, it’s enough to turn a tidy profit.
With the average payment coming in at $500, total revenue is estimated at $195,000 for July, meaning well over $2 million per year.
The ransomware is mainly spread by exploit kit drive-by-download campaigns and traditional malicious attachments.
A Check Point spokesperson told Infosecurity that regular back-ups are now a must for firms, urging IT teams to ensure at least one copy is made offline.
“Exercise caution. Don’t open e-mails you don’t expect to receive, and if you are asked to run macros on an Office file, don’t. The only situation in which you should run macros is in the rare case that you know exactly what those macros will do,” they added.
“Have a comprehensive, up-to-date, security solution. High quality security solutions and products protect you from a variety of malware types and attack vectors. And if you do get infected, search for decryption tools which could help get your data back.”
Source: Info Security Magazine