Cerber Ransomware Servers Taken Off Line
Posted by: Timothy Weaver on 07/21/2016 10:13 AM
The Computer Emergency Response Teams in the Netherlands (CERT-Netherlands), along with security research firm FireEye, discovered and shut down the server used in the Cerber campaign.
Cerber uses an email with a Microsoft Word attachment to deliver the ransomware. The attachment asks victims to turn on macros and, if the victim complies, launches the command and control Cerber installers.
“With the attacker-controlled servers offline, macros and other malicious payloads configured to download are incapable of infecting users with ransomware,” wrote FireEye malware researchers Ankit Anubhav and Raghav Ellur.
“Ransomware have migrated to ‘ransomware-as-a-service’ offerings,” Ayehu CEO Gabby Nizri wrote in an email. “Ransomware is no longer a hackers' war game – it's a business model.”
As always, users are cautioned not to open email attachments from unknown sources and to always back up their important data.
Source: SCMagazine