The Cerber ransomware has received an update that allows it to collect and steal data from a victim's computer. Cerber has a reputation for being one of the most rapidly evolving ransomware families to date.
According to a security researcher from Trend Micro, this version of Cerber can steal saved passwords from browsers and can also steal cryptocurrency wallet data.
This ransomware targets three types of Bitcoin wallet application. It searches for and steals files named wallet.dat (used by the first-party Bitcoin Core wallet), *.wallet (used by the MultiBit wallet app), and electrum.dat (used by the Electrum wallet app).
Obtaining these files, however, does not guarantee that the stored Bitcoins can be stolen; the thief would still need the password that protects the wallet in question. Furthermore, since 2013 the Electrum app no longer uses the electrum.dat file to store wallet information, the researcher stated in the blog post.
It also tries to steal the saved passwords from Internet Explorer, Google Chrome, and Mozilla Firefox. The ransomware does all of this before encryption begins. It sends the saved passwords and wallet information to the attacker through command-and-control servers, and it deletes the wallet files once they have been sent.
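As an added illustration (not code from the Trend Micro post), a small Python detection that replays constructed file-activity log lines and flags any process that reads one of the three wallet files named above and then deletes it, the collect-then-delete sequence the post describes. The log layout, process names and paths are assumptions made for the example.

```python
import fnmatch
import re
from collections import defaultdict

# Wallet filenames the post says Cerber searches for, mapped to the app that uses them.
WALLET_PATTERNS = {"wallet.dat": "Bitcoin Core",
                   "*.wallet": "MultiBit",
                   "electrum.dat": "Electrum (legacy file)"}

# Constructed file-activity log, "<pid> <process> <action> <path>". The layout is an
# assumption for this example; real EDR or Sysmon output looks different.
SAMPLE_LOG = r"""
1204 explorer.exe read C:\Users\alice\Documents\report.docx
4488 winword.exe read C:\Users\alice\AppData\Roaming\Bitcoin\wallet.dat
4488 winword.exe read C:\Users\alice\AppData\Roaming\MultiBit\alice.wallet
4488 winword.exe delete C:\Users\alice\AppData\Roaming\Bitcoin\wallet.dat
4488 winword.exe delete C:\Users\alice\AppData\Roaming\MultiBit\alice.wallet
5120 bitcoin-qt.exe read C:\Users\alice\AppData\Roaming\Bitcoin\wallet.dat
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(read|delete)\s+(.+)$")

def wallet_app(path):
    """Return the wallet application a file path belongs to, or None."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    for pattern, app in WALLET_PATTERNS.items():
        if fnmatch.fnmatchcase(name, pattern):
            return app
    return None

def find_suspects(log):
    """Flag processes that read a wallet file and later delete it. A wallet app
    that only reads its own wallet.dat (bitcoin-qt.exe here) is not flagged."""
    seen_read = defaultdict(set)   # pid -> wallet paths the process has read
    hits = {}                      # pid -> {"process", "apps", "deleted"}
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        pid, proc, action, path = m.groups()
        app = wallet_app(path)
        if app is None:
            continue
        if action == "read":
            seen_read[pid].add(path)
        elif action == "delete" and path in seen_read[pid]:
            hit = hits.setdefault(pid, {"process": proc, "apps": set(), "deleted": []})
            hit["apps"].add(app)
            hit["deleted"].append(path)
    return hits
```

On the constructed log only pid 4488 (winword.exe) is reported, because it is the one process that read wallet files from two apps and then removed them.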
The file with the following SHA-256 hash is related to this incident:
6c9f7b72c39ae7d11f12dd5dc3fb70eb6c2263eaefea1ff06aa88945875daf27 – detected as RANSOM_HPCERBER.SMALY5A
To prevent this, users should be educated about opening attachments from external and unverified sources. System administrators should implement an email policy that filters these types of attachment.