Cetori Virus Ransomware

The BtCIRT has recently been alerted to a new ransomware attack known as the Cetori Virus Ransomware. The team would like system administrators and users in general to be informed and to protect themselves from this attack:

Description:

Cetori is a ransomware variant based on the code of the STOP ransomware family. It drops an executable file on the system, and once that executable is running it works through several stages of infection. Like other ransomware, its primary goal is to locate valuable personal files on the infected PC and encrypt them with a strong cipher, which is why the affected files remain inaccessible without the attackers' key. Each encrypted file is also renamed with the extension .cetori appended to its name. Cetori then tries to extort a ransom fee for decryption: it drops a ransom note on the system and displays it on screen.

Cetori Virus Distribution Methods

The malicious samples that deliver Cetori are typically spread as a Word document attached to an e-mail or sent through a message on a social media channel. The document may also be packed inside a ZIP archive. Once the file is opened on the PC, it may ask the user to enable macros; doing so starts the Cetori infection. The document may also be crafted to display a fake system notification that misleads the victim into clicking an "OK" button in order to view the content of the file. Another common trick for spreading ransomware and other malware is a spoofed link that redirects to a crafted web page which automatically downloads the payload onto the PC. The sender may impersonate well-known companies and services, but such messages almost always show tell-tale signs of malice (an unexpected attachment, a sender address that does not match the claimed company, a prompt to enable macros or to click "OK"). Online scanning services such as ZipeZip (a free online archive extractor and malware scanner) and VirusTotal (a free service that analyzes suspicious files and URLs, and can also be searched by a file's hash without uploading the file) can help detect a potentially malicious attachment before it is opened.
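As an added example (not part of the BtCIRT advisory and not taken from the referenced sources), the following Python script triages an e-mail attachment the way the paragraph above suggests: it unpacks a ZIP (including a ZIP nested inside it), identifies Office documents that embed a VBA macro project by inspecting their contents rather than trusting the file extension, flags legacy binary Office files whose macro content cannot be ruled out without a full OLE parser, and computes the SHA-256 of every file so it can be looked up on VirusTotal without uploading it. The attachment, its file names and the minimal OOXML containers are constructed inline for the demonstration and are not real samples.

```python
"""Attachment triage for macro-enabled Office documents (added example)."""
import hashlib
import io
import zipfile

# Member names that hold a VBA project inside an OOXML (zip-based) Office file.
VBA_MEMBERS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
# Magic bytes of the legacy OLE2 container used by binary .doc/.xls/.ppt files.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"
MAX_DEPTH = 3  # do not recurse forever into zip-in-zip-in-zip


def classify(data: bytes) -> str:
    """Classify one file's bytes by content, not by its (spoofable) extension.

    Returns 'office-macro' (OOXML with a VBA project), 'office-no-macro'
    (OOXML without one), 'ole-legacy' (binary .doc/.xls/.ppt, macros cannot be
    ruled out here), 'zip' (archive to recurse into) or 'other'.
    """
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = set(z.namelist())
        except zipfile.BadZipFile:
            return "other"
        if any(m in names for m in VBA_MEMBERS):
            return "office-macro"
        if "[Content_Types].xml" in names:
            return "office-no-macro"
        return "zip"
    if data.startswith(OLE_MAGIC):
        return "ole-legacy"
    return "other"


def triage(name: str, data: bytes, depth: int = 0) -> list:
    """Walk an attachment, recursing into nested ZIPs, and report every file.

    Each entry is (path, verdict, sha256); the hash can be searched on
    VirusTotal without uploading the file itself.
    """
    verdict = classify(data)
    results = [(name, verdict, hashlib.sha256(data).hexdigest())]
    if verdict == "zip" and depth < MAX_DEPTH:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            for info in z.infolist():
                if info.is_dir():
                    continue
                results.extend(triage(f"{name}/{info.filename}", z.read(info), depth + 1))
    return results


def suspicious(results: list) -> list:
    """Paths that should be blocked or sandboxed before a user opens them."""
    return [path for path, verdict, _ in results if verdict in ("office-macro", "ole-legacy")]


def _zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {name: bytes} (constructed sample helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for member_name, content in members.items():
            z.writestr(member_name, content)
    return buf.getvalue()


def _ooxml(with_vba: bool) -> bytes:
    """Minimal OOXML container (constructed sample, not a real Word document)."""
    members = {"[Content_Types].xml": "<Types/>", "word/document.xml": "<w:document/>"}
    if with_vba:
        members["word/vbaProject.bin"] = b"\x00" * 32  # stand-in for a VBA project
    return _zip(members)


def sample_attachment() -> bytes:
    """Constructed 'Invoice.zip' mixing the delivery tricks described above."""
    nested = _zip({"scan_0042.docm": _ooxml(with_vba=True)})
    return _zip({
        "Invoice.docx": _ooxml(with_vba=True),    # macro document hiding behind a .docx name
        "Terms.docx": _ooxml(with_vba=False),     # genuinely macro-free document
        "attachments.zip": nested,                # zip-in-zip delivery
        "readme.txt": OLE_MAGIC + b"\x00" * 64,   # legacy OLE container with a misleading name
    })


if __name__ == "__main__":
    report = triage("Invoice.zip", sample_attachment())
    for path, verdict, digest in report:
        print(f"{verdict:16} {digest[:16]}...  {path}")
    print("block before delivery:", suspicious(report))
```

In practice the raw attachment bytes would come from the mail gateway rather than from sample_attachment(). A verdict of office-no-macro only means no VBA project was found; it says nothing about other document features (embedded OLE objects, DDE fields, external links) that can also launch a payload, so it should reduce priority rather than clear the file.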

How to prevent such infections:

  • Enable and properly configure your firewall.
  • Install and maintain reliable anti-malware software, and keep its signatures up to date.
  • Secure your web browser: keep it updated and remove plug-ins you do not need.
  • Check regularly for available software updates and apply them.
  • Disable macros in Office documents (in the Office Trust Center choose "Disable all macros without notification" and block macros in files downloaded from the Internet), and never enable macros because a document asks you to.
  • Use strong, unique passwords.
  • Don’t open attachments or click on links unless you’re certain they’re safe.
  • Regularly back up your data, and keep at least one copy offline or otherwise disconnected, because ransomware also encrypts files on attached drives and mapped network shares.

References:

  1. https://www.pandasecurity.com/mediacenter/malware/stop-ransomware-victims/
  2. https://bestsecuritysearch.com/remove-cetori-virus-restore-files/