I have written about this ransomware for SCMagazineUK and I would like to provide a summary about this ransomware in this blog post.
You can read the complete article here
Once again, security researchers tracked the distribution of Cerber Crypto-Ransomware by email campaign.
This ransomware has been distributed earlier by
- Email campaign ( with Macro-enabled Word document file attachment)
- Exploit kits
What makes it different from the earlier distributions is the use of Windows Script Files (WSFs) inside a double zipped file attachment in the email send to the victims.
Attackers also provide a unsubscribe link in the email that redirects the victim to the same zipped file.
After the zipped file is downloaded and the WSF is executed, the ransomware will be downloaded and encrypt files on the victim’s system.
A Windows script (*.wsf) file is a text document and can contain scripts from any Windows Script compatible scripting engine in a single file. WSFs are executable with the Windows wscript.exe utility.
read more about this file here