A popular ransomware family now evades AI detection, says Trend Micro

Cerber — the most commonly deployed ransomware family — found a new technique to conceal itself, according to an analysis by the security vendor Trend Micro.

Like most ransomware, this Cerber variant is delivered via email. In this case, the message includes a link to a self-extracting archive hosted on a Dropbox account controlled by the attackers. Once a victim downloads the archive, which contains three files, the system is infected with the ransomware.

"All self-extracting files may look similar by structure, regardless of the content," according to Trend Micro. "In other words, the way Cerber is packaged could be said to be designed to evade machine learning file detection."

One of the three files also checks whether certain security analysis tools — including some of those run by Trend Micro — are running on the system.


© Copyright ASC COMMUNICATIONS 2017.