Cerber is a crypto-ransomware family that was as widespread as Locky and was considered to be Locky's twin. It was also known as the "talking ransomware" because it read its ransom warning message aloud. It spread through email spam campaigns, exploit kits, and botnets. Cerber was first seen in May 2015, but it was more prevalent in 2017.
Several Dridex email spam campaigns spread it across the globe, together with Locky or sometimes alone. The emails contained docx attachments posing as invoices. When the victim tries to read one of these attachments, a message claims that the document has a bad encoding, which tempts the victim to enable Word macros. The macros decrypt the encoded VBScript embedded in the document and then execute it. The VBScript in turn downloads Cerber. Cerber was also known to be downloaded from the Rig and Magnitude exploit kits.
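A mail-gateway style check for the delivery chain described above, as an added example that is not taken from the original page: it opens a Word attachment as the zip container it is and reports an embedded VBA project regardless of the file extension. The function names, result keys and sample file names are assumptions, and the sample documents are constructed inline.

```python
import io
import zipfile

# Content type Word uses for the main part of a macro-enabled document.
MACRO_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"


def triage_ooxml(data: bytes, filename: str) -> dict:
    """Report macro indicators in an OOXML (zip-based) Word attachment."""
    result = {"is_ooxml": False, "vba_parts": [], "macro_content_type": False,
              "extension_mismatch": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result  # not a zip container (e.g. legacy .doc); out of scope here
    with zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return result
        result["is_ooxml"] = True
        # The compiled VBA project is an OLE stream, normally word/vbaProject.bin.
        result["vba_parts"] = [n for n in names if n.lower().endswith("vbaproject.bin")]
        ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        result["macro_content_type"] = MACRO_CT.lower() in ctypes.lower()
    has_macro = bool(result["vba_parts"]) or result["macro_content_type"]
    # Macro content behind a macro-free extension is a reason to quarantine.
    result["extension_mismatch"] = has_macro and filename.lower().endswith((".docx", ".dotx"))
    return result


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip carrying the part names of a Word file."""
    main_ct = MACRO_CT if with_macro else (
        "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    f'<Types><Override PartName="/word/document.xml" ContentType="{main_ct}"/></Types>')
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder, not real VBA")
    return buf.getvalue()


if __name__ == "__main__":
    for name, macro in (("invoice_clean.docx", False), ("invoice_1234.docx", True)):
        print(name, triage_ooxml(build_sample(macro), name))
```

A hit on `vba_parts` or `extension_mismatch` is a triage signal for quarantine and analyst review; it does not identify Cerber specifically, since any macro-bearing document produces it.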
A newer version of Cerber evaded security solutions by splitting its code into smaller chunks. These smaller chunks were...