This is a precautionary advisory for users who frequently visit the website of the popular remote desktop sharing software called Ammyy Admin.
Quick Heal Labs has observed that a new variant of the Cerber3 Ransomware is being spread through the Ammyy Admin software on the official Ammyy Admin website. This news, however, is not surprising as this website has been found to host malware on several other instances. In a previous case, the website was found to spread the notorious Cryptowall 4.0 Ransomware.
Fig 1 Ammyy Admin official website
The Quick Heal Threat Research and Response Team recently observed increased cases of Cerber ransomware infections wherein the victims had downloaded and run the Ammyy Admin software from the original website. And our analysis of the malware found these observations to be true.
A technical analysis of the ransomware is available in this downloadable PDF.
How Quick Heal helps
Quick Heal Web Security feature proactively detects and blocks websites on the basis of their malicious reputation and inconsistency in delivering actual applications.
How to Stay Safe from the Cerber Ransomware?
• Avoid visiting the Ammyy Admin website.
• Remove the Ammyy Admin software if you have it on your computer.
• Do not respond to unknown or unwanted emails that urge you to click on links or download attachments, no matter how urgent such emails might sound.
• Run an antivirus software that detects and blocks infected websites and emails with malicious content.
• Take regular backups of your important files. Remember to disconnect the Internet when you are backing up on a hard drive. Unplug the drive before you go online again.
• Apply all recommended security updates (patches) to your Operating System, programs like Adobe, Java, Internet Browsers, etc. These updates fix security weaknesses in these programs and prevent malware from exploiting them.
Subject Matter Experts
• Shantanu Vichare
• Dipali Zure
– Threat Research and Response Team