CERBER RANSOMWARE WARNING

[Pandut]

Sooo hey I just got smacked upside the head by a new virus on the block known as Cerber. A Russian virus that uses exploit kits to infect computers, aka spam emails, malicious advertisement, file attachments, torrents and etc.

This thing nearly wiped out all of my personal information, I lost a great deal of personal data that I probably will never be able to recover (thank fucking christ it didn't touch my doom mods). Nevertheless, this thing targets "work" files, things like movie and audio files, .psds and anything that might use an "important extension". This includes .wads as well. I got damned lucky as I don't believe it targets .pk3s and all my mod files were saved as such. But still, be careful out there folks.

If you prowl around torrenting sites like Piratebay or any of the chan boards I highly, -highly- suggest stopping immediately. That's where this virus seems to lurk. In fact, piratebay was recently attacked by malvertising and it's how I got infected because I just wanted to watch Land Before Time again god dammit.

This damn thing can weasel it's way past known adblocks like Ublock Origin and the like. Thought I was safe... I guess not. It's my own damn fault this happened to me. I've heard they've been hitting and marauding various sites so I figured I'd just try and airhorn a warning.

More information about it here;
https://blog.malwarebytes.org/threat-an ... ut-mature/

http://www.bleepingcomputer.com/news/se ... ks-to-you/
(If you're lucky to be in Russia or Ukraine or surrounding countries, you should be safe from the virus. But European and American folks should take heed.)

Be safe out there, folks. Be careful and cautious of what you're downloading. One second you're trying to reconnect with some childhood nostalgia, next you're wiping your HDD and saying farewell to lost personal data.

[Nevander]

Just great.

Thanks for the warning.

[Marrub]

This is why NoScript is an important part of web security.
(And not ever ever ever enabling flash, of course. )

[Beed28]

Well, just disabled Adobe Flash, and I'm using AdBlock Plus and NoScript. I don't know if that's even enough.

[Caligari87]

If you're smart about your browsing it should be. To be completely honest I've been flying mostly without antivirus, adblock, or noscript for over a decade and haven't ever gotten anything. It's mostly about being aware of what you're clicking on.

[Hege Cactus]

If you're smart about your browsing it should be. To be completely honest I've been flying mostly without antivirus, adblock, or noscript for over a decade and haven't ever gotten anything. It's mostly about being aware of what you're clicking on.

This virus has apparently been more vicious with its roaming between networks and other access related things, so just being smart will also now include not going to networks that might have infected machine and it also seems to be able to sneak into your cloud services if you have them via program like dropbox and one drive
It's also very new, fast growing, very very adaptable and harder to detect currently. Been a real pain in the ass for IT people in offices.

So just being smart wont always cut it in this case, sure it will secure you a hell lot more tho.
Dont bring your personal stuff in work offices tho till anti viruses catch up on preventing this fucker

This will heavily increase the importance of back ups, thats for sure.

[Viscra Maelstrom]

so how well prepared should you be in case the thing hits you? i've taken precautions here, by getting NoSctipt for Chrome, backing up files on my external drive, and then plugging it out until i get a second one (i don't know if this was necessary to do or not? but whatever.)

do i need to disable Dropbox for now? i do use it for syncing my audio projects, and losing them would be terrible, although it seems that it doesn't encrypt FL Studio project files, thankfully. can my smartphone be affected in any way? also, is it necessary to disable Flash? wouldn't that make e.g. Youtube videos not run at all?

i may sound a bit jumpy here, but i guess being extra precautious over a new, malicious type of ransomware isn't bad, right?

[Dancso]

HTML5 will work on both youtube and twitch if flash is not present.
You can set chrome to ask for your permission to enable plugins (including flash) or you can disable it altogether if you're not really using any flash content (though at that point you might aswell uninstall flash entirely)

I don't think you'd necessarily need to stop using cloud services (ie dropbox) - they're a nice convenience after all, just be cautious about what computers you're exposing your data to. If you're creating regular backups of your most important data in a number of places, you're not at such a high risk of a catastrophic event.

Being prepared is never a bad thing! I have installed a noscript/adblock right after reading about this ransomware. I've never had an incident, but I do plan on investing in some external backup measures.

[Viscra Maelstrom]

i've backed up my important stuff to a flash drive and my harddrive, and as i said, plugged out the harddrive until i get a second one. i actually have some other harddrives which i've backed up stuff on before, so i'm not entirely in the dark and i've been prepared for quite some time, haha.

what do you mean when you say "be cautious about what computers you're exposing your data to" also?

[Dancso]

It's a vague statement really. In my case it would mean blocking the computer my parents use from accessing mine.
Viruses can spread over flash drives too, so if you must transfer data from a computer you don't fully trust to be clean, your pendrive might be worth scanning.
I don't actually know how susceptible dropbox would be to infection, so that may be another angle, if a vulnerable computer has your account syncing in dropbox.

[Rachael]

Flash is going the way of the dinosaur (thank god!) and more and more devices these days are not coming with it preinstalled.

Flash has more security holes than swiss cheese and the fact that Firefox disables it after every single update should tell you something about it.

[Accensus]

Physical backup cannot be beaten. Cloud storage May be reliable, but I'd generally avoid it for personal stuff. Better get a 1 TB HDD and backup your stuff there then unplug, put in an anti-static bag or something and hide away. That's the most certain way to know that your backup is safe.

[Viscra Maelstrom]

that's why i'm getting a new harddrive. i do use my current external to listen to music, and i wanna keep on doing that, but i don't wanna risk losing it all. so, i've plugged it out until i can get a second one to store my stuff on.

edit: where do i get anti-static bags though?

[Accensus]

Try an IT store. All electronic hardware comes in anti-static bags; pretty sure they have some to spare/sell.

[Reactor]

Thank you for the early warning, I quickly made a system restore DVD just in case this little devil sneaks thru the defense lines.