Malware Evolution: How Cerber Mutates to Avoid Detection

Cerber is a clever piece of technology. If you’re not familiar with the ransomware bug known as Cerber, it’s almost assuredly because neither you nor anyone you know has come into contact with it. Among the many different ransomware variants out in the wild, Cerber makes itself known in a very vocal manner—it actually announces itself verbally, reading a ransom message aloud to its victim via VBScript. This clever addition to what is otherwise fairly standard ransomware is very effective because of the psychological effect it has on the victim. There is, however, another clever addition to Cerber’s code that gets talked about less often: its ability to mutate.

How Does Cerber Mutate?

Cerber’s creators came up with an interesting method for getting it past earlier generations of anti-virus software. They set the program’s hash to continually update itself, changing its structure every 15 seconds. This is an innovative approach that cybersecurity experts say is indicative of a malware factory—an automated assembly line through which cybercriminals constantly update and modify internal components of their malware applications.

By constantly changing its hash, Cerber mutates in such a way that older anti-virus software applications may not catch it when it is entering a victim’s computer. According to Malware Tech, this approach is no longer effective against any modern anti-virus software, but it is indicative of a trend that cybersecurity experts are becoming increasingly aware of. Much in the same way a contagious virus may alter its genetic structure to fool immune cells, so too can computer viruses alter their own code to fool anti-virus software.

Cerber actually changes its hash in a relatively simple way: it adds random data to end of its portable executable (PE) file. Although any modern anti-virus scanner should be able to catch this, more sophisticated developments along the same lines can produce malware applications that are much harder to defend against.

How to Protect Yourself

No matter how clever Cerber’s creators are, nobody likes paying $500 to get a compromised system decrypted. Computer users, especially in business contexts, are encouraged to spend a fraction of that cost on modern anti-virus software for their systems. While no anti-virus scanner can truly promise to protect you entirely, they make an enormous difference in catching known bugs. Even more important, however, is following some basic cybersecurity rules: learn to identify suspicious links, avoid clicking on them or downloading suspicious files, and always keep your system’s anti-virus software fully up-to-date. By following these rules, you will be able to avoid the great majority of dangerous malware applications out there.