Skip to main content
  1. Home
  2. Computing
  3. News

Locky and Cerber have become the dominant ransomware families

Add as a preferred source on Google

In the ever-changing world of ransomware, there are two animals that are always leading the pack. According to new research from security company Malwarebytes, the Locky and Cerber ransomware families are neck and neck with hackers constantly developing new strains of the malware.

The report, which tracked ransomware activity between July and October, first found that Cerber was in a dominant position before being overtaken by Locky.

Recommended Videos

We’ve seen both families adapt to the times recently, trying to stay fresh and dangerous by adding new features and tactics. In November, Check Point revealed how cybercriminals were exploiting holes in Facebook and LinkedIn to download Locky onto victims’ computers via an image file. Also last month, Trend Micro published findings that showed how Cerber was encrypting users’ database files.

Malwarebytes noted that the United States was by far the most infected country when it came to ransomware, with more strains avoiding detection by traditional antivirus software.

malwarebytes-chart-ransomware
Image used with permission by copyright holder

The company is looking at Russia as the most likely source of Locky and Cerber ransomware, either from Russian criminals or those with some affiliation with Russia.

Adam Kujawa, director of malware intelligence at Malwarebytes, pointed to the evidence that these forms of ransomware rarely infect Russian computers, using built-in functionality to detect if a user is based in Russia.

“They both recognize certain Russian IP addresses and say, ‘alright, we’re not going to infect you’ if you’re likely coming from Russia,” he said.

“I believe that is because if Russian law enforcement were to identify Russian people being hit by them, they’ll go after the attackers and take them down. If it’s going toward Western countries and the United States, they’re less likely to do anything about it.”

Of course, attribution is always hard when it comes to cybercrime. The Russia angle could very well be a smokescreen to deflect attention.

What is certain though is that ransomware is becoming increasingly sophisticated and surreptitious, avoiding detection and trying new tricks. Ordinary antivirus which still relies on signature detection to identify threats isn’t up to scratch.

One of the latest incarnations of ransomware has been so-called “doxware”, which as its name may suggest merges malicious encryption methods with doxing, the publishing of personal data online.

“It’s basically ‘we’re going to take your files, we’ll encrypt them, we’re demanding you pay us and if you don’t we’re going to throw it up on the internet’,” Kujawa said. “For an individual person that might not be a bad problem but for a company that could be huge.”

This is a devious but interesting workaround for the cases where a victim has a backup of their data and is unfazed by not paying. This all fuels the arms race between cybercriminals and security software vendors and regular people.

“There’s light at the end of the tunnel and this is a double-edged sword. The need for malware to develop further comes from the security community and the public at large ability to defend against these attacks,” explained Kujawa but every time we get better at security, cybercriminals change their tactics.

This isn’t likely to change in 2017. “They’re going to change their methods, I promise you that.”

Jonathan Keane
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
Anthropic confirms Claude acts differently depending on your language and which model you pick
A new study shows Claude's isn't nearly as consistent as you might assume.
Claude app on iPhone

If you've ever felt like Claude gave you a completely different vibe on one day than another, you weren't imagining it. Anthropic just published research confirming that its chatbot's personality shifts depending on which model you pick and which language you type in, and the pattern is consistent enough that it's worth knowing before you ask your next question.

The model you pick decides how Claude responds

Read more
This website is a goldmine if you love Mac menu bar apps
Discover hundreds of menu bar apps, from tiny utilities to powerful productivity tools, all in one place.
MacMenuBar website open on Mac

The menu bar is the most underrated part of macOS. It sits quietly at the top of your screen, and most people never do anything with it other than checking the time and battery percentage. But if you find the right apps, that thin strip becomes the fastest way to get things done on your Mac.

The problem is finding those apps. The Mac App Store is not great at surfacing them, and hunting through random blog lists is a chore. And while I have shared my favorite Mac utilities that include menu bar apps like Supercharge and CleanShot X, there’s an even better place to find the best apps for your Mac’s menu bar.

Read more
How to install macOS 27 Golden Gate public beta on your Mac?
From a smarter Siri to a more reliable Spotlight, here's your full walkthrough for installing macOS 27 Golden Gate's public beta today.
macOS 27 Golden Gate

Along with iOS 27’s public beta, Apple has also released macOS 27 Golden Gate’s public beta build, so that early adopters can get their hands on the new features, including Siri AI, and provide timely feedback to help ensure a stable iOS launch in September. 

If you’re sold on all the new features but don’t want to put your faithful MacBook through developer beta duty, a public beta offers a much more refined experience. To install macOS 27’s public beta, follow the steps given below. 

Read more