Cerber Crypto-Ransomware

Read me First

I have written about this ransomware for SCMagazineUK and I would like to provide a summary about this ransomware in this blog post.

You can read the complete article here 

Once again, security researchers tracked the distribution of  Cerber Crypto-Ransomware by email campaign.

This ransomware has been distributed earlier by

  • Email campaign ( with Macro-enabled Word document file attachment)
  • Exploit kits


What makes it different from the earlier distributions is the use of Windows Script Files (WSFs) inside a double zipped file attachment in the email send to the victims.

Attackers also provide a unsubscribe link in the email that redirects the victim to the same zipped file.

After the zipped file is downloaded and the WSF is executed, the ransomware will be downloaded and encrypt files on the victim’s system.

Encryption Capability


What is Windows Script File