Cerber ransomware decryption tool, recently made available by cybersecurity firm Check Point for current and potential victims, was available for just a day before the authors of the ransomware hit back, fixing a flaw and essentially rendering the decryption tool created by security researchers, useless.
Check Point also recently released an in-depth expose on how ransomware-as-a-service campaigns are proving to be increasingly prosperous for cybercriminals. Following the release of the report, however, the hackers behind Cerber, corrected the flaw in the ransomware’s code, which had previously made it possible for encrypted files to be decrypted by security researchers.
According to Check Point, “During the time the decryptor was functional, hundreds of users managed to decrypt their files using our decryptor. Unfortunately, following our report, the authors of Cerber managed to fix the flaw in their encryption process which enabled us to decrypt files encrypted by Cerber.”
The correction of the flaw is not the only change made. Cerber developers also added a captcha system to the ransomware’s payment site, Bleeping Computer reported. The captcha system, which is allegedly filled with hand-scrawled human faces, prompts users to click on matching faces, undergoing allegedly three stages of verification, before they can enter the site. The newly added captcha system was likely added to disable Check Point’s automated service.
While it was functional, Check Point’s decryption tool allowed users to decrypt files from Cerber ransomware versions 1 and 2, which led some to speculate that the security firm may indeed have managed to get their hands on the ransomware’s master decryption key. However, that does not appear to be the case. It is still uncertain as to what the flaw was that allowed Check Point to decrypt files in the first place. The captcha system added by Cerber developers could possibly be either an additional security measure adopted by the authors of the ransomware, or a way to prevent the flaw being accessed and exploited by security researchers.
Meanwhile, Check Point has vowed to continue combating ransomware. “We will continue to search for new ways to decrypt files encrypted by Cerber and other ransomware, and return them to their rightful owners,” the security firm said.