No end for Cerber Ransomware in 2017

Cerber Ransomware has been on the raise in 2016. There has been several campaigns – and the worse thing: it seems that Cerber won’t fade away in 2017.


A fake credit card email campaigns addressed people who are shopping lately for holiday season 2016 contains a Cerber download link (see this Microsoft article). But there has been several campaigns over the last months of 2016 (see the graph below).

 Cerber campaigns
(Source: Microsoft)

Cerber will be distributed in most cases via an e-mail attachment, like it is shown below as a zip attachment.

Cerber attachment
(Source: Microsoft)

Microsoft has analyzed telemetry data from Windows Defender. The result shows that this latest exploit kit attack that leads to Cerber largely affects Asia and Europe.

Cerber infections
(Source: Microsoft)

Each campaign delivers variants of Cerber, but all variants tries to encrypt user data on infected systems and ask for money to unencrypt the data. Windows 10 has security technologies that can detect this new batch of updated Cerber ransomware. Microsoft is discussing further details about Cerber within this Technet blog post.


This entry was posted in Security, Windows and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *