Skip to main content

The latest ransomware threat announces itself out loud with a creepy computer voice

cerber ransomware creepy voice encrypted files looking over the shoulder of a man typing on keyboard in dark
Image used with permission by copyright holder
Cerber, the latest ransomware threat, doesn’t just encrypt all of your files: it also tells you about it, out loud, and repeatedly. It’s like something out of a 90s hacker movie, except this isn’t fake: your files really are all gone until you pay up.

“Attention! Attention! Attention!” is what infected computers will say to their users, using the text-to-speech engine built into Windows. “Your documents, photos, databases, and other files have been encrypted!”

Ransomware is malware that infects a users’ computer, then starts encrypting all of the files on it. Assuming users don’t have backups, the only way to get files back is to pay the hackers for a decryption key. Cerber is the latest in a long line of similar attacks, but is unique in a few ways, including the bizarre voice.

Cerber’s modis operandi is outlined in a blog post by Lawrence Abrams of security blog BleepingComputer, which explains that copies of the ransomware are reportedly available for sale on an underground Russian hacker forum. Essentially, this is a franchise model: would-be hackers can use the ransomware, but the original creator also gets a cut.

When the malware spreads to a new machine, it first checks to see if that computer is inside particular countries including Russia and a number of former Soviet block nations. If the laptop is within those borders, the malware won’t do anything.

Then Cerber sets the computer to start in safe mode after the next reboot, and allows itself to run constantly: at boot, as the computer’s screensaver, and every minute just for good measure.

After a few forced reboots, Cerber will scan your computer for certain filetypes including Office documents, photos, PDFs, music, and most other common filetypes, and encrypt them with the near-uncrackable AES-256 algorithm. Cerber can also scan the network for Windows shares, and encrypt files on those machines as well.

Once the ransomware finishes encrypting files, it starts announcing its presence. HTML and TXT files in each encrypted folder explain what has happened, and direct users to install TOR and visit a particular page in order to pay up. For $500, victims can regain access to their files. The VBS files, meanwhile, triggers the aforementioned audio announcement.

There’s currently no way to decrypt the files for free, which means users who really want access to their files are likely to pay up.

If you want to keep yourself safe from threats like this, make sure you have an up-do-date anti-malware application, use common sense while browsing, and make sure you keep backups of all your files.

Justin Pot
Former Digital Trends Contributor
Justin's always had a passion for trying out new software, asking questions, and explaining things – tech journalism is the…
Microsoft warns of latest malware attack, explains how to avoid secret backdoor
Privacy security stock photo.

Microsoft has recently discovered another type of malware, named FoggyWeb by Microsoft, that hackers are currently using to remotely steal network admin credentials. The credentials allow the attacker group, which the company has called Nobelium, to hack into admin accounts of the Active Directory Federation Services' (AD FS) servers and control users’ access to various resources.

Microsoft claims that this is the same group behind the SolarWinds software supply chain attack that was revealed in December.

Read more
Garmin confirms ransomware cyberattack shut down services
garmin fenix 6x pro forerunner 235 instinct vivoactive 4s fitness tracker smartwatch deals best buy fathers day sale 2020

Garmin confirmed its server outage was the result of a malware cyberattack that encrypted several of its online systems.

While Garmin did not say who was responsible for the attack, the company did label itself as a “victim,” saying later in the release that it “did not expect any material impact to our operations or financial results because of this outage.”

Read more
Travelex reportedly paid millions to hackers after ransomware attack
worlds largest retail currency dealer hit by ransomware attack travelex

Travelex reportedly paid hackers $2.3 million to regain access to its own computer systems after they were compromised in a ransomware attack that was discovered on New Year’s Eve.

Ransomware is malicious software that locks a computer system by encrypting files. Once locked, hackers demand payment from the owner of the system in return for a decryption key to regain access to the data.

Read more