Cerber — the most commonly deployed ransomware family — found a new technique to conceal itself, according to an analysis by the security vendor Trend Micro.
Like most ransomware, this Cerber variant is delivered via email. However, this email message includes a link to an archive, which is located on a Dropbox account controlled by the attackers. Once a cybervictim downloads the self-extracting archive — which contains three files — the system is infected with a virus.
"All self-extracting files may look similar by structure, regardless of the content," according to Trend Micro. "In other words, the way Cerber is packaged could be said to be designed to evade machine learning file detection."
One of the three files also checks whether certain security analysis tools — including some of those run by Trend Micro — are running on the system.
Click here to view the full analysis.