- Jan 24, 2011
- 9,378
VIDEO: Video Review - Cerber3 Ransomware - Demonstration of attack by @CyberSecurity GrujaRS
-----------------------------------------------------
A new version of the Cerber Ransomware has been discovered by AVG security researcher Jakub Kroustek that switches from the .CERBER2 extension to .CERBER3 for encrypted files. When I tested this new sample, there was some minor outward differences between this version and the previous version.
The most notable difference is that this new version will now append the .CERBER3 extension to encrypted files. This is shown in the sample pictures folder shown below.
Another notable difference is that this version has changed the ransom note names to # HELP DECRYPT #.html, # HELP DECRYPT #.txt, and # HELP DECRYPT #.url.
This version of Cerber continues to use the 31.184.234.0/23 range of IP addresses for stats purposes.
Read more: Cerber Ransomware switches to .CERBER3 Extension for Encrypted Files
-----------------------------------------------------
A new version of the Cerber Ransomware has been discovered by AVG security researcher Jakub Kroustek that switches from the .CERBER2 extension to .CERBER3 for encrypted files. When I tested this new sample, there was some minor outward differences between this version and the previous version.
The most notable difference is that this new version will now append the .CERBER3 extension to encrypted files. This is shown in the sample pictures folder shown below.
Another notable difference is that this version has changed the ransom note names to # HELP DECRYPT #.html, # HELP DECRYPT #.txt, and # HELP DECRYPT #.url.
This version of Cerber continues to use the 31.184.234.0/23 range of IP addresses for stats purposes.
Read more: Cerber Ransomware switches to .CERBER3 Extension for Encrypted Files
