Cerber
Distribution Route
The most typical infection route for Cerber ransomware is automatic infection when a website containing vulnerable code is accessed from a poorly updated PC. Blocking advertising banners is the commonly known advice, but accessing the problem site is itself likely to be the starting point of infection. Some infections also arrive by e-mail: the code (macro) embedded in a downloaded doc file may infect the PC when the file is opened.
Infection can also occur through P2P and through adware advertisement windows that are left open.
Filename Extension
Once a system is infected, Cerber encrypts files and changes their extension to .cerber or .cerber1, .cerber2.
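For incident triage, the extensions above can be used to measure how far encryption spread and when it ran. The following is an added example, not part of the original page: the function names, directory layout and timestamps are hypothetical, constructed sample data, and it assumes file modification times were not altered after encryption.

```python
import os
import tempfile
from collections import Counter

# Extensions named on this page; matched case-insensitively.
CERBER_EXTENSIONS = (".cerber", ".cerber1", ".cerber2")


def scan_for_cerber(root):
    """Walk root and summarise files that carry a Cerber extension."""
    hits = []  # (path, modification time as epoch seconds)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(CERBER_EXTENSIONS):
                path = os.path.join(dirpath, name)
                try:
                    hits.append((path, os.stat(path).st_mtime))
                except OSError:
                    continue  # file vanished or unreadable; skip it
    per_dir = Counter(os.path.dirname(p) for p, _ in hits)
    times = [t for _, t in hits]
    return {
        "count": len(hits),
        "per_directory": dict(per_dir),  # which folders were hit hardest
        "first_seen": min(times) if times else None,  # encryption window start
        "last_seen": max(times) if times else None,   # encryption window end
    }


def build_sample_tree(root):
    """Constructed sample: three renamed files and two untouched ones."""
    layout = {
        "docs/report.docx.cerber": 1_480_000_000,
        "docs/budget.xlsx.CERBER1": 1_480_000_060,
        "photos/trip.jpg.cerber2": 1_480_000_120,
        "docs/notes.txt": 1_470_000_000,
        "photos/cerber.png": 1_470_000_000,  # name only, not the extension
    }
    for rel, mtime in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan_for_cerber(tmp))
```

The first and last modification times bound the encryption window, which helps choose a backup taken before the infection.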
Characteristics
It is known as the ransomware that talks. On infection, it plays a voice message saying "Attention! Attention! Attention! Your documents, photos, databases and other important files have been encrypted". It mainly targets the Asia-Pacific region, so domestic users need to take care.
It sends UDP packets using the IP address and subnet mask values stored in the malware, and files are encrypted even when the network is not connected.
Cerber removes Windows volume shadow copies, making the Windows system unrecoverable.
It has evolved to encrypt files on all PC-accessible storage (Cloud Drive, Local Disk, USB Drive, Network Drive).
Cerber ransomware was mainly active in 2016, and it accounted for 60% of domestic ransomware in the second half of 2016.