Cerber Ransomware: What it is, how it spreads, and how to recover safely

Cerber Ransomware

What it is

Cerber is ransomware run like a business (“RaaS”). The operators rent the malware to affiliates, who break in, encrypt files, and demand payment—then share the profits with Cerber’s creators.

How it spreads

  • Phishing emails with booby-trapped attachments or links

  • Malicious or hacked websites (drive-by downloads)

  • Exploited remote access (weak RDP/VPN) and unpatched software

What you may notice

  • Files won’t open and get new extensions

  • Ransom notes dropped across folders

  • Security tools disabled; sudden CPU/disk spikes

If it hits (act fast)

  1. Isolate affected machines (unplug/disable Wi-Fi).

  2. Do not delete ransom notes/logs; they help recovery.

  3. Check offline backups; rebuild clean systems if possible.

  4. Rotate admin/domain passwords from a clean device.

  5. Engage IR/IT support; consider reporting to authorities.

Prevent it

  • Patch OS/apps; lock down or remove unused remote access.

  • Enforce MFA everywhere, least-privilege for admins.

  • Use reputable EDR/anti-malware and email filtering.

  • Keep offline, tested backups; practice restore drills.

  • Train staff to spot phishing and fake updates.

    Glossary (A–Z)

    All A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

      • Related Articles

      • Clop Ransomware

        What it is Clop is big-game ransomware: attackers break into a network, encrypt files, and demand payment to unlock them—often with data theft first to pressure victims (double extortion). It mostly targets Windows environments and larger ...

      • CryptoLocker Ransomware

        What it is CryptoLocker is ransomware that breaks into a Windows PC, hunts for documents (on the computer and connected drives), encrypts them with strong keys, and then demands a payment to unlock your files. You’ll see a ransom note saying your ...

      • BabLock Ransomware

        What it is (in plain words): BabLock is ransomware that breaks into Windows and Linux systems, scrambles (encrypts) your files, and demands payment to unlock them. It typically goes after small and mid-size businesses where one infected PC can ...

      • REvil Ransomware

        What it is REvil is a high-impact ransomware family run as ransomware-as-a-service (RaaS). The core crew builds the malware and portal, while affiliates break in, steal data, and deploy the encryptor; profits are split between them. REvil uses ...

      • Djvu (STOP) Ransomware

        What it is Djvu - also called STOP - is ransomware that breaks into Windows PCs, encrypts your files, and adds new extensions (often .djvu, .stop, or a variant). A note then demands payment in crypto to unlock them. For details and removal tips, see ...