The security expert Bryan Campbell has recently noticed that Cerber Ransomware 5.0 is being distributed via RIG-V exploit kits.
Thanks to the RIG-V exploit kits, the ransomware could be installed on a victim’s PC without their knowledge while they are browsing a corrupted website or via malvertising.
It is almost certain that Cerber Ransomware 5.0 is also being distributed via email campaigns, however, there are no samples of these emails yet.
According to Marcelo Rivero, Cerber 5.0.1 has already been registered.
Being installed on the system, Cerber Ransomware 5.0 will encrypt the victim’s data and demand a ransom payment in bitcoins in order to decrypt the infected files.
The security researcher BloodDolly states that the latest changes in Cerber version 5.0 are the following:
– The .secret extension was added to the list of files types targeted for encryption.
– The ransomware will now skip 640 bytes, compared to 512 bytes in previous versions, when encrypting a file.
– The minimum file size that Cerber will encrypt a file is now 2,560 bytes, compared to 1,024 bytes in previous versions. This means that any file that is smaller than 2,560 bytes will not be encrypted.
In addition, there were some changes in the IP ranges that used to send statistical UDP packets. The ranges are: 220.127.116.11/27, 18.104.22.168/27, and 22.214.171.124/22.