Cerber Crypto-Ransomware

Read me First

I have written about this ransomware for SCMagazineUK and I would like to provide a summary about this ransomware in this blog post.

You can read the complete article here 

Once again, security researchers tracked the distribution of  Cerber Crypto-Ransomware by email campaign.

This ransomware has been distributed earlier by

  • Email campaign ( with Macro-enabled Word document file attachment)
  • Exploit kits


What makes it different from the earlier distributions is the use of Windows Script Files (WSFs) inside a double zipped file attachment in the email send to the victims.

Attackers also provide a unsubscribe link in the email that redirects the victim to the same zipped file.

After the zipped file is downloaded and the WSF is executed, the ransomware will be downloaded and encrypt files on the victim’s system.

Encryption Capability
An interesting feature of this ransomware is its capability to encrypt files without calling the command and control  servers. 


What is Windows Script File

A Windows script (*.wsf) file is a text document and can contain scripts from any Windows Script compatible scripting engine in a single file. WSFs are executable with the Windows wscript.exe utility.

read more about this file here