Updated Cerber Version 3 Among Evolution of Un-Decryptable Ransomware

In recent analysis of ransomware, computer security researchers have uncovered threats that have evolved to the point of using aggressive methods to encrypt files and demand ransom payments to decrypt them. Cerber Ransomware, a threat that was popularized earlier this year, has evolved through several variations, and its most recent release, dubbed Cerber version 3 or ".cerber3" due to the file extension tagged on its encrypted files, is undecryptable.

Cerber Ransomware v3 has been found circulating in the wild and no longer permits file decryption, which means that all victimized computer users will lose their files permanently, without any chance of recovery, unless they have a backup of their hard drive available.

Fundamentally, Cerber Ransomware v3 is part of the infrastructure of the Cerber Ransomware that was first spotted during the first quarter of 2016 and later garnered its cybercrook gang monumental profits. During Cerber's evolution, which initially kicked off about five months after its first conception, some variations of the ransomware exhibited strange behavior. In one instance, the ransomware would play an audible announcement in a creepy voice on infected computers. The audio announcement was an addition to the normal threat notification that Cerber Ransomware would display, which notified victimized computer users that their documents, photos, and databases had been encrypted.

The latest version of Cerber, version 3, takes a new approach, one that circumvents any decryption tools or processes that may have been available for previous iterations of the ransomware. Such tools have permitted victimized computer users to decrypt their files without paying the demanded ransom fee. With version 3, the Cerber team has gone a step further: not only does the release limit the use of decryption tools, but Cerber3 no longer has or provides a decrypter. Ultimately, Cerber3 will never allow decryption of files that were encrypted and tagged with a .cerber3 file extension, no matter how much money you want to throw at its authors or perpetrators.

To make matters worse, the distribution of Cerber3 has expanded to use malvertising through the RIG and Magnitude exploit kits. Such exploit kits are known for aggressive spam campaigns that carry malicious attachments using JavaScript code to install ransomware. Using the exploit kits within malvertising campaigns creates a whole new slew of issues, such as common pop-up advertisements leading unsuspecting computer users to malicious sources that may eventually install Cerber Ransomware version 3.

While the latest version of Cerber has indeed captivated the security world when it comes to the most aggressive forms of ransomware, we expect there to be a severe outbreak of the newer threat that could extort money from victimized computer users at unprecedented rates. Moreover, those victimized by Cerber3 wouldn't have any recourse for decrypting their files other than restoring their hard drive from a backup, if they have taken the proactive step of backing up their system.

The video below is a demonstration from the security researcher GrujaRS of Cerber3 Ransomware taking hold of a PC and locking the user out of utilizing or accessing files.
