Cerber v7 ransomware steals cryptocurrency wallets: Bitcoin, Electrum, Multibit

Cerber ransomware has gained the reputation of one of the fastest growing viruses from the family of viruses encrypting files. An excellent analysis of all versions up to the sixth is presented in the table prepared by Trend Micro . In the seventh version, the Cerber ransomware also steals files from the Bitcoin, Electrum and Multibot cryptocurrency portfolios before they are encrypted.

It is worth noting that the theft of files "wallet.dat" (Bitcoin), "* .wallet (Multibit) and" electrum.dat "(Electrum) does not guarantee that the stored cryptocurrency on the local disk can be stolen. Wallets with encrypted content will be stolen, not the passwords themselves, which should be extremely difficult to guess and stored in the most inaccessible place, resistant to electronic damage. What's more, the portfolio for Electrum since the end of 2013 is no longer stored in the "electrum.dat" file, while support for the Multibit portfolio was abandoned at the end of July 2017 by its developer (it is recommended to migrate to another portfolio as soon as possible).

Cerber steals passwords from browsers and permanently deletes wallet files

The Cerber ransomware authors know that they can do nothing without a password, which is why they provided Cerber with a module to steal passwords from Internet Explorer, Google Chrome and Mozilla Firefox. All the passwords and all information about the wallets obtained in this way are sent to the cybercriminals. However, the most may hurt the removal of the wallet from the local disk - thus the user loses all virtual assets irretrievably. Cerber ransomware steals files of cryptocurrency portfolios before encrypting files, and their original copies are stored on a server controlled by the authors of the malware. Files can be recovered in one way only - by paying a ransom. The worst of all is that there is no guarantee that the stolen data will be returned.

What can you do?

A copy of the security of the most important files and passwords. Having a large sum of money in cryptocurrencies is asking for a solid security.

To protect against ransomware, we recommend the protection software that in our test obtained the highest BEST +++ distinction, as well as products (eg Arcabit ), which create a backup copy of the files before they are encrypted / modified / deleted. Thanks to this, bitcoin wallets will be effectively protected against permanent damage.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.