Ransomware

Cerber

First seen: 2016 • Status: inactive

Currently Inactive

Cerber was one of the first ransomware franchises where criminals could rent the software, and it even talked to victims through their speakers.

Overview

Cerber was ransomware-as-a-service that pioneered the RaaS business model. It featured voice synthesis to read ransom notes aloud and had a sophisticated affiliate program.

Also Known As

Cerber ransomware, CRBR

How It Spreads

  • Exploit kits
  • Malvertising
  • Spam campaigns

What It Does

  • File encryption
  • Voice synthesis ransom notes
  • Bitcoin/Dash payment
  • RaaS operations

Is your business exposed?

Target Platforms

Windows

Detection Tips

  • Monitor for Cerber payment sites
  • Check for audio ransom notes
  • Analyze encrypted file extensions

MITRE ATT&CK Techniques

T1486, T1189, T1566, T1491

If You're Infected

  1. 1.

    Cerber is no longer active

  2. 2.

    Some variants may have decryptors available

  3. 3.

    Restore from backups

Related Malware

Locky, Samsam, Gandcrab

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices