Cerber Ransomware Switches To .CERBER3 Extension For Encrypted Files


vissha


A new version of the Cerber Ransomware has been discovered by AVG security researcher Jakub Kroustek that switches from the .CERBER2 extension to .CERBER3 for encrypted files. When I tested this new sample, there were some minor outward differences between this version and the previous version.

 

The most notable difference is that this new version will now append the .CERBER3 extension to encrypted files. This is shown in the sample pictures folder shown below.

 

[Image: encrypted-files.jpg, captioned "Encrypted Files"]

 

Another notable difference is that this version has changed the ransom note names to # HELP DECRYPT #.html, # HELP DECRYPT #.txt, and # HELP DECRYPT #.url.

 

The previous Cerber version had also sent UDP packets to the 31.184.235.0/24 range of IP addresses. This version appears to be using the 31.184.235.0/24 range for statistical purposes.

 

As this version is further analyzed, more information may become available. When this happens, I will be sure to update this article.

 

Source

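An added example, not part of the original post or the source article: a small triage helper that uses only the indicators named above (the .CERBER3 extension, the three ransom note names, and UDP traffic to 31.184.235.0/24) to count affected files per folder and list hosts that sent UDP into that range. The flow-log line format, the function names and all sample data are assumptions constructed for illustration.

```python
import ipaddress
from pathlib import PurePosixPath
# Indicators named in the post above.
ENCRYPTED_EXT = ".cerber3"
NOTE_NAMES = {"# help decrypt #.html", "# help decrypt #.txt", "# help decrypt #.url"}
UDP_RANGE = ipaddress.ip_network("31.184.235.0/24")

def triage_files(paths):
    """Count encrypted files and ransom notes per folder to show the extent."""
    report = {}
    for path in paths:
        p = PurePosixPath(path.replace("\\", "/"))  # normalise Windows separators
        name = p.name.lower()                       # match case-insensitively
        if name in NOTE_NAMES:
            kind = "ransom_note"
        elif name.endswith(ENCRYPTED_EXT):
            kind = "encrypted"
        else:
            continue
        report.setdefault(str(p.parent), {"encrypted": 0, "ransom_note": 0})[kind] += 1
    return report

def udp_sources(flow_lines):
    """Hosts that sent UDP into the range. Assumed line format: ts proto src dst dport."""
    hosts = set()
    for line in flow_lines:
        parts = line.split()
        if len(parts) != 5 or parts[1].lower() != "udp":
            continue
        try:
            if ipaddress.ip_address(parts[3]) in UDP_RANGE:
                hosts.add(parts[2])
        except ValueError:
            continue  # malformed destination field
    return sorted(hosts)

# Constructed sample data (not from a real incident).
SAMPLE_PATHS = [
    r"C:\Users\alice\Pictures\beach.jpg.CERBER3",
    r"C:\Users\alice\Pictures\cat.png.cerber3",
    r"C:\Users\alice\Pictures\# HELP DECRYPT #.html",
    r"C:\Users\alice\Documents\notes.txt",
]
SAMPLE_FLOWS = [
    "2016-08-31T18:39:01 udp 10.0.0.15 31.184.235.7 40000",
    "2016-08-31T18:39:02 tcp 10.0.0.15 31.184.235.7 443",
    "2016-08-31T18:39:03 udp 10.0.0.22 31.184.236.9 40000",
    "2016-08-31T18:39:04 udp 10.0.0.15 not-an-ip 40000",
]
```

Feed `triage_files` a file listing exported from the affected host and `udp_sources` the lines of a flow or firewall log converted to the assumed five-field format.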
On 31/08/2016 at 6:39 PM, vissha said:

Cerber Ransomware Switches To .CERBER3 Extension For Encrypted Files


Any decryptor tool for this cerber3 ransomware?

Archived

This topic is now archived and is closed to further replies.