
Name: Cerber 3
Type: Crypto Ransomware
Encryption Type: RSA 2048
Short Description: Infections by this kind of ransomware are increasing rapidly because of RaaS (Ransomware as a Service). After the ransomware sample infects a system, it demands a ransom payment.

Once the victim is infected, it encrypts the file name and appends the .cerber3 extension. It also drops a .vbs file that makes the computer speak to the victim.

Distribution Method: Cerber 3 ransomware uses the Magnitude exploit kit, which detects weak points in a given operating system and exploits them.

The ransom note of Cerber 3 is shown below:

[Image: Cerber 3 ransom note]

More Details

Since the launch of its new versions, Cerber ransomware has become notorious because it uses immensely strong encryption. The message below gives instructions for paying the ransom in bitcoin. It is in a file named # HELP DECRYPT #.txt, which is dropped in the directories the ransomware has infected.

[Image: # HELP DECRYPT #.txt payment instructions]

Another variant of Cerber 3 has a different ransom note (the @_readme_@.txt note), as shown below:

[Image: @_readme_@.txt ransom note (three screenshots)]
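A read-only triage check built from the indicators this page names (the .cerber3 extension, the # HELP DECRYPT #.txt and @_readme_@.txt notes, and a dropped .vbs file), added here as an example and not code from the original page. The function names, the confirmed/suspect labels and the rule that a lone .vbs file is ignored are assumptions of this example.

```python
import os
import sys
from collections import defaultdict
from datetime import datetime, timezone

# Indicators named in the article; compared case-insensitively.
ENCRYPTED_EXT = ".cerber3"
NOTE_NAMES = {"# help decrypt #.txt", "@_readme_@.txt"}


def scan_tree(root):
    """Return {directory: findings} for directories holding an indicator."""
    hits = defaultdict(
        lambda: {"encrypted": [], "notes": [], "vbs": [], "earliest": None})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                hit = hits[dirpath]
                hit["encrypted"].append(name)
                try:
                    mtime = os.path.getmtime(os.path.join(dirpath, name))
                except OSError:
                    continue  # file vanished or unreadable; keep the name only
                if hit["earliest"] is None or mtime < hit["earliest"]:
                    hit["earliest"] = mtime
            elif lower in NOTE_NAMES:
                hits[dirpath]["notes"].append(name)
            elif lower.endswith(".vbs"):
                hits[dirpath]["vbs"].append(name)
    # Assumption: a .vbs file alone is not an indicator, so directories that
    # hold only scripts are dropped from the result.
    return {d: h for d, h in hits.items() if h["encrypted"] or h["notes"]}


def triage(hits):
    """'confirmed' = note and encrypted files together, else 'suspect'."""
    return {d: "confirmed" if h["encrypted"] and h["notes"] else "suspect"
            for d, h in hits.items()}


if __name__ == "__main__":
    found = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for directory, verdict in sorted(triage(found).items()):
        h = found[directory]
        when = (datetime.fromtimestamp(h["earliest"], timezone.utc).isoformat()
                if h["earliest"] is not None else "n/a")
        print(f"{verdict:9} {directory} encrypted={len(h['encrypted'])} "
              f"earliest_mtime={when} notes={h['notes']} vbs={h['vbs']}")
```

The earliest modification time among the .cerber3 files in a directory gives a rough lower bound for when encryption reached it, which helps order directories on an incident timeline.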

The malware authors designed it to generate its own key for each RC4-encrypted file, so in effect every file gets a unique key. All of these keys are encrypted using the RSA-576 bit cipher. To encrypt the files, the third variant of Cerber uses Cipher Block Chaining (CBC) mode, which protects the encrypted files: they are permanently lost if you try to tamper with their code.

This kind of strategy implemented by the malware authors complicates the decryption process of files encrypted by this ransomware.

Cerber ransomware targets files with the following extensions:

[Image: list of targeted file extensions]