According to recent reports, a ransomware strain called Cerber has been making money by opening its doors to unskilled hackers.
Security firm Check Point gained a rare look at the inner workings of the Cerber ransomware and found that its developers are building a network of partners to attack more targets and rake in more cash.
Check Point also warned that because of Cerber, more unskilled cybercriminals might choose to participate in ransomware schemes. “Even the most novice hacker can easily reach out in closed forums to obtain an undetected ransomware variant,” it said in a new report.
As a result, the Cerber strain could generate close to $1 million a year for its creators, according to Check Point.
The company partnered with Israel-based IntSights to trace the Internet activity of the Cerber ransomware, which has been available for sale on the black market. They found that Cerber has become a slick online service that continually recruits partners willing to spread it.
Partners who sign up can earn as much as 65 percent from every Cerber campaign they launch. The rest goes to Cerber’s creators, who make the ransomware easy to use through a web interface.
To bring in new partners, the makers of Cerber have been advertising the service in underground forums. However, the ransomware has also been giving away clues about its operations. Every Cerber infection sends data to a large number of IP addresses, making its activity easy to trace, according to Check Point.
The company managed to decode the data and discovered that Cerber had infected almost 150,000 computers across the globe in July alone. The ransomware tries to extract payment in bitcoin by encrypting the computer’s data and holding it hostage. However, victims very rarely pay the ransom, Check Point said.
It’s still unclear who’s behind Cerber, although the ransomware hasn’t infected computers located in Russia and other countries in Eastern Europe and Central Asia.
Data collected by Check Point showed that in July alone, Cerber affiliates managed to extort $195,000 from victims across multiple countries including South Korea and the US. Infections commonly arrive through email attachments or visits to a malicious website.
For instance, Check Point found that one cybercriminal was spreading Cerber by sending legitimate-looking job applications through email. To protect themselves, users should be careful when opening suspicious emails or Internet links.