vissha Posted August 31, 2016 Share Posted August 31, 2016 Cerber Ransomware Switches To .CERBER3 Extension For Encrypted Files A new version of the Cerber Ransomware has been discovered by AVG security researcher Jakub Kroustek that switches from the .CERBER2 extension to .CERBER3 for encrypted files. When I tested this new sample, there was some minor outward differences between this version and the previous version. The most notable difference is that this new version will now append the .CERBER3 extension to encrypted files. This is shown in the sample pictures folder shown below. Encrypted Files Another notable difference is that this version has changed the ransom note names to # HELP DECRYPT #.html, # HELP DECRYPT #.txt, and # HELP DECRYPT #.url. The previous Cerber version had also sent UDP packets to the 31.184.235.0/24 range of IP addresses. This version appears to be using the 31.184.235.0/24 range for statistical purposes. As this version is further analyzed, more information may become available. When this happens, I will be sure to update this article. Source Link to comment Share on other sites More sharing options...
Vinay1988 Posted February 19, 2017 Share Posted February 19, 2017 On 31/08/2016 at 6:39 PM, vissha said: Cerber Ransomware Switches To .CERBER3 Extension For Encrypted Files A new version of the Cerber Ransomware has been discovered by AVG security researcher Jakub Kroustek that switches from the .CERBER2 extension to .CERBER3 for encrypted files. When I tested this new sample, there was some minor outward differences between this version and the previous version. The most notable difference is that this new version will now append the .CERBER3 extension to encrypted files. This is shown in the sample pictures folder shown below. Encrypted Files Another notable difference is that this version has changed the ransom note names to # HELP DECRYPT #.html, # HELP DECRYPT #.txt, and # HELP DECRYPT #.url. The previous Cerber version had also sent UDP packets to the 31.184.235.0/24 range of IP addresses. This version appears to be using the 31.184.235.0/24 range for statistical purposes. As this version is further analyzed, more information may become available. When this happens, I will be sure to update this article. Source Any decryptor tool for this cerber3 ransomware Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.