Cerber is the name of a new strain of ransomware which takes creepiness to an upper level.
The three files which this ransomware places on the user’s desktop are called “# DECRYPT MY FILES #.” The files contain instructions about the ransom amount and how the victim can pay it.
One of the files is your standard TXT format, one is HTML and the third one is rather strange. It contains a Visual Basic Script, which contains text-to-speech code that converts text into an audio message.
“When the above script is executed, your computer will speak a message stating that your computer’s files were encrypted and will repeat itself numerous times,” a security researcher explained.
The developers of Cerber are selling the tool as Ransomware-as-a-Service (RaaS), so that practically anyone can use it without any coding experience. Also, it is not difficult to find out where this new strain originated.
When first run, Cerber will check to see if the victim is from a particular country. In case the virtual machine is from any of the following countries, it will terminate itself and not encrypt the computer: Armenia, Azerbaijan, Belarus, Georgia, Kyrgyzstan, Kazakhstan, Moldova, Russia, Turkmenistan, Tajikistan, Ukraine, Uzbekistan. Yet, any user should make sure that his/her PC is well-protected against malware.
