Home Security Cerber ransomware can steal cryptorurrencies from Windows PCs

Cerber ransomware can steal cryptorurrencies from Windows PCs

The Cerber ransomware, which is known to be a rapidly evolving ransomware family, has changed again and can now steal cryptocurrencies.

A post by researchers from Trend Micro said that Cerber, which had gone through six separate versions with accompanying differences in routines, now appeared to have two ways to profit from infecting Windows machines.

The method of infection, however, has not changed; Cerber still arrives as a JavaScript attachment in an email.

Apart from its ransomware activity, the researchers said Cerber now targeted the wallet files of three Bitcoin applications – the original Bitcoin Core wallet, and the third-party Electrum and Multibit wallets.

The three files which were stolen were wallet.dat (Bitcoin), *.wallet (Multibit) and electrum.dat (Electrum).

However, they noted that this did not mean that the Bitcoins stored in these wallets were accessible to the attacker as the password protecting them was needed to gain access. Additionally, Electrum had stopped using the electrum.dat file since late 2013.

Apart from this, the updated version of Cerber also attempted to steal saved passwords from Internet Explorer, Chrome and Firefox before it began encrypting any files on the Windows system in question.

"Saved passwords and any Bitcoin wallet information found are sent to the attackers via the command-and-control servers," the researchers wrote. "It also deletes the wallet files once they have been sent to the servers.

"This new feature shows that attackers are trying out new ways to monetise ransomware. Stealing the Bitcoins of targeted users would represent a valuable source of potential income."


Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips



Ransomware is a type of malware that blocks access to your files and systems until you pay a ransom.

The first example of ransomware happened on September 5, 2013, when Cryptolocker was unleashed.

It quickly affected many systems with hackers requiring users to pay money for the decryption keys.

Find out how one company used backup and cloud storage software to protect their company’s PCs and recovered all of their systems after a ransomware strike.


Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.


Popular News