Monday, August 7th 2017
Where's My Bitcoin? "Cerber" Ransomware Starts Stealing Cryptocurrency Wallets
"Where's my Bitcoin?" is a question no miner, investor or mere user of cryptocurrency ever wants to have to ask. There's always someone willing to take advantage of someone else's hard work or exposure to risk in order to increase their own wealth; and if there's one thing years of cyber security have taught us, it is that hackers seldom lag in picking up new sources of undeserved revenue. So it was only a matter of time before general-purpose ransomware started seeing updates to take advantage of the newer trends in valuable assets. Enter cryptocurrency. And you can probably guess the rest of this piece.
The new, updated Cerber ransomware routine now not only encrypts a user's files; it also looks for specific, known Bitcoin wallet applications (namely, as of the time of writing, Bitcoin Core, Electrum, and Multibit), copies the wallets to an external server controlled by the hackers, and then deletes them from the user's PC. Naturally, Cerber also has a routine that copies passwords stored in your browser of choice. The wallet theft isn't much of a concern per se; any given wallet has additional security measures that stand between the hackers and their potential treasure trove of cryptocurrency. However, many people also keep files with passwords or some such on their computers, and could be doing themselves a disservice by not keeping another copy of their wallets on a secure, non-internet-connected hardware wallet, or even a USB pen. Naturally, a user who kept the password for their wallet on their system is vulnerable to the entire "ransomware" portion of the Cerber malware; and someone who doesn't even have another copy of their wallet but keeps an ungodly amount of value in it could very well be facing the loss of their entire wallet. Definitely not a good place to be.
Sources:
Trend Micro Cerber Ransomware Removal Tool, Trend Micro, Trend Micro on Cerber Ransomware, via HotHardware, Picture Source
29 Comments on Where's My Bitcoin? "Cerber" Ransomware Starts Stealing Cryptocurrency Wallets
For those of you who use cryptocurrencies - make offline backups of your wallet(s) and don't keep your coins in online exchanges. Online exchanges are not banks and cryptocurrency is completely unregulated. It's up to you to keep your coins safe.
Too volatile because there isn't anything to anchor the said value of it.
If for some reason such currency were to become the actual currency of wherever with today's standards, wouldn't be long before the big crash would come and I mean hard. Yes it would happen sooner or later - Probably sooner - Anything speculative is subject to being of a volatile nature and that's why it would happen simply due to how volatile it is period.
Gotta have something real to anchor it or it's like streamers in the wind.
Cryptocurrency is just as valid as a fiat currency as long as there is a person willing to exchange goods for the coin.
I'm not defending cryptocurrency but highlighting it is very real and it is just as valid as a fiat currency whose value is dictated to by sociopathic traders, venture capitalists and greed. Frankly, we need to get back to barter and trade, money has made the world sick. I'll give you a potato for a glass of milk.
And now if you try to put some sanity through law you get called tyrant or communist. There is no pacific solution, just wait to burn to cinders when this gets totally out of control, like always.
Humpty Dumpty had a great fall.
All the King's horses, And all the King's men
Couldn't put Humpty together again!
Things such as the dollar were created and established by an official ruling body or government, cryptocurrency was originally created by an individual, other cryptocurrencies created since are the same way and individuals can literally create their own money via mining.
True, nothing is backed nowadays but we do know at one time it was, crypto never was in the first place.
You also don't see cryptocurrency being used on things like stock markets, just for individual transactions. I can say it's also an appealing currency for those involved with criminal activities but then again real money is too but it's harder to track crypto than the real stuff which is one of its favored traits for criminals and those that like it.
I could have gotten into it back in 2012 no prob and probably would have a lot of it now if I did but even back then I saw the potential problems with it so I stayed out of it. With things like wallets being stolen, ransomed and such it's very likely I would have lost at least some of it by now.
And yes, all it would take is a law being passed and it's all for nothing making it and one's efforts/investment to mine it worthless.
If you want to do it, your call but I'll pass on it.
GPU vendors want to make money. It doesn't matter to them if only miners buy them and even better if they drive up the price. Furthermore, it's even better for them since the demand for GPUs is at levels that are almost higher than they have ever been they even found a new market. Mining GPUs. Now they get the best of both worlds while catering to a new niche market.
Angry? Not a chance.
Any day the warehouse is sold out of GPUs is a good day for GPU manufacturers.
I am getting sick of the "mining degenerate" type comments on these forums though. Even not being a miner myself anymore, I see it as very poor behavior that would not be tolerated towards any other group here, and feel the mods are really lending a deaf ear to this. People need to realize we have a significant mining presence here on these forums and calling such people things is not going to get you very far.
As for "faux currency" it's about as faux currency as any currency these days not backed by something more than faith. At this point in time, bitcoin is effectively "backed" by investor money in other currencies.
While everyone else is talking about crypto-please hack my-currency..... Meantime, the other subject in this article is about passwords. Anyone foolish enough to save a text file named passwordlist.txt (or anything similar) is just asking to get hurt. A decent Password Manager that allows you to name your own keyfile to unlock your password manager will work well as long as you don't name it MyPasswordKeyfile.
Bitcoin won't end tomorrow in a "single law" because as cdawall has pointed out, the government and its members are players at this point.
mobile.devx.com/blog/agile/bitcoins-true-purpose.html
not that I would agree but it applies.