This is the second time Cerber has come up in the news. Previously, it was part of an email attack that used zipped files to get around security measures. Double-zipped archives of files and folders would be sent, and opened by email servers. These archives contained a GIF or MS Word document that was actually a cleverly disguised Cerber executable. Keep that in mind the next time someone sends you a funny cat GIF: it could really be the executable for a piece of malware. Never open emails from unknown senders, ever.
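A defensive check for the delivery trick described above, as an added example that is not from the original article: it unpacks nested zip archives in memory and flags members named like a GIF or Word file whose content starts with the Windows executable "MZ" magic bytes. The function names, the depth and size limits, and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Disguises named in the article: GIF images and MS Word documents.
DISGUISE_EXTS = (".gif", ".doc", ".docx")
MAX_DEPTH = 3          # assumption: stop after a few nesting levels
MAX_MEMBER = 10 << 20  # assumption: skip members over 10 MiB

def scan_zip(data, path="", depth=0):
    """Return members named like a GIF/Word file whose bytes start with 'MZ'."""
    findings = []
    if depth > MAX_DEPTH:
        return findings
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    with archive:
        for info in archive.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER:
                continue
            try:
                body = archive.read(info)
            except (RuntimeError, zipfile.BadZipFile):
                continue  # encrypted or corrupt member: cannot inspect
            member = f"{path}/{info.filename}" if path else info.filename
            if body[:2] == b"MZ" and info.filename.lower().endswith(DISGUISE_EXTS):
                findings.append(member)  # executable header under a harmless name
            elif body[:4] == b"PK\x03\x04":
                findings += scan_zip(body, member, depth + 1)  # nested archive
    return findings

def _zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in members.items():
            z.writestr(name, body)
    return buf.getvalue()

def build_sample():
    """Constructed double-zipped sample; the 'MZ' member is inert padding."""
    inner = _zip({"funny_cat.gif": b"MZ" + b"\x00" * 62,
                  "real_cat.gif": b"GIF89a" + b"\x00" * 10})
    return _zip({"photos.zip": inner, "readme.txt": b"hello"})

if __name__ == "__main__":
    print(scan_zip(build_sample()))
```

Members that are encrypted or corrupt are skipped rather than flagged, so a mail filter using this kind of check would need a separate policy for archives it cannot open.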
Cerber is a piece of ransomware: it works by encrypting or otherwise denying you access to your own files. It does this by modifying your Windows Registry file, which can be dangerous to fix. Messing up your registry file is a good way to brick your device, and it shouldn’t be done if you don’t know what you’re doing or can’t follow instructions well. Once your files are encrypted, you’ll be notified of this by a message in English telling you to install the Tor Browser and go to the given website. From there you can get instructions on how to get your files back in a variety of languages. You’ll be offered the chance to buy the decryptor, but if you hesitate for too long the price will double. Cerber works by infiltrating your computer and attaching itself to background processes that are capable of increasing their own importance. This means that as Cerber sits there, it slowly elevates itself in the hierarchy of your computer until it’s beyond reproach. Its needs take priority over everything else on your computer, and virus protection software can no longer touch it.
Max is a Legal Assistant and author residing in the Philadelphia area. He has been writing for AskCyberSecurity.com since early 2017.