The ever evolving ransomware targets Windows users and does not infect computers using the Russian language. The malware encrypts files located in multiple locations including local and remote drives, removable drives, mapped drives, and un-mapped network shares.
After encrypting the victims files, Cerber plays an audio file demanding a ransom to unlock the data. Targets include Office 365 users. The ransomware is sold to distributors on underground Russian forums.
The ransomware is distributed via spam emails and uses a combination of RSA and AES encryption. The ransomware continues to evolve and has also been circulating as a fake Chrome font pack that is distributed via compromised websites.
The polymorphic malicious software encrypts and infects files and informs the victim that pirated software has been detected. The ransomware was first spotted in 2014 and has made a surge in late 2016 and early 2017.