Hello guys, I am writing this to share a horrible experience that I very recently had with a buyer on Fiverr.
A few days ago, while going through the buyer requests, I saw a request from a buyer who was looking for sellers with high-performance PCs, stating that he had a few algorithms to run and needed some light database work. I sent him an offer. After some time I got a reply from him in which he stated that I would need to run a beta version of a database software on my computer, which they had modified according to their needs. He wrote an ambiguous description of the work, saying that the work is repetitive and that it is not as boring as it seems. He provided me a file, saying that I needed to run it, that he would walk me through the procedure, and that after a few runs I would be good to go. When I tried to download the file I could not, because my computer deleted it. I turned off the protection, blindly trusting the buyer, and ran that file. After double-clicking the file, nothing happened. I repeatedly texted the buyer but he did not reply. After a while I opened Task Manager and saw that the same executable was still running and that CPU and disk utilization were at 100% because of that file. I immediately terminated it and force-terminated that process.
Later on I came to know that all of my files across all drives, including images, documents, PDFs, etc., were encrypted and had a .cerber extension, with a warning in a text document stating that the worst had happened and that it could only be reversed if I paid a ransom in the form of bitcoin by going to one of the listed .onion links through Tor.
In short, I became the victim of Cerber ransomware because I blindly trusted a client and I wanted a gig.
I have lost a lot of data that was very important because of this mistake.
Therefore, I just wanted to tell you to be careful: do not blindly trust any buyer, and take extreme care when you are going to turn the antivirus off. If you are doing something for a buyer and you have any doubt about it, clarify it with your buyer and do not act until he has clarified it to you.
Note: You can find more information about this kind of attack by searching with the keywords Cerber Ransomware.