Once again, security researchers tracked the distribution of Cerber Crypto-Ransomware by email campaign.
This ransomware has been distributed earlier by
- Email campaign ( with Macro-enabled Word document file attachment)
- Exploit kits
What makes it different from the earlier distributions is the use of Windows Script Files (WSFs) inside a double zipped file attachment in the email send to the victims.
Attackers also provide a unsubscribe link in the email that redirects the victim to the same zipped file.
After the zipped file is downloaded and the WSF is executed, the ransomware will be downloaded and encrypt files on the victim’s system.