The Cerber Ransomware Shuts down Databases

The infamous Cerber ransomware has changed tactics, this time it attempts to kill database connections to encrypt important data on the affected victim servers.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

Cerber Now Bites the Databases as Well

The Cerber ransomware has changed tactics to produce even more damage to the infected server hosts. The programmers behind the malware have added new code that kills database processes and connections to impact the stored data as well.

The ransomware cyber security threats aim to affect as many files as possible which is why the latest iteration of Cerber has been updated with this mechanism. Databases are known for storing a lot of information that might be private or critical. The hackers can now damage it as well, because in some cases when the database processes are running other programs and users may not be able to access all read and write permissions on the databases themselves. Database access can also be blocked by the operating system in certain setups. According to the security experts from Bleeping Computer the newest version of Cerber has been found to terminate many database processes including the following:

msftesql.exe, sqlagent.exe, sqlbrowser.exe, sqlservr.exe, sqlwriter.exe, oracle.exe, ocssd.exe, dbsnmp.exe, synctime.exe, mydesktopqos.exe, agntsvc.exeisqlplussvc.exe, xfssvccon.exe, mydesktopservice.exe, ocautoupds.exe, agntsvc.exeagntsvc.exe, agntsvc.exeencsvc.exe, firefoxconfig.exe, tbirdconfig.exe, ocomm.exe, mysqld.exe, mysqld-nt.exe, mysqld-opt.exe, dbeng50.exe and sqbcoreservice.exe.

To bypass these processes the ransomware executables need to run from privileged accounts; this is why users are encouraged to use accounts with limited access.

Cerber is one of the most popular ransomware that is available to hackers worldwide. The malicious executable is frequently sold by hackers on underground black market communities located on the Dark Web. Various sources estimate that Cerber attacks will profit the cyber criminals with more than 1 million US dollars this year alone.

Ransomwares are evolving to target both individual and companies, and the high-frequency updates of these serious weapons shows that the hackers are actively working on breaking the security measures placed by the system administrators.

Was this content helpful?

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *