A ransomware called Cerber has been floating around for about a week, but we were not able to retrieve a sample until today. Thanks to @BiebsMalwareGuy and @MeegulWorth, samples were found and further analysis of the ransomware could be done. When infected, a victim's data files will be encrypted using AES encryption, and the victim will be told they need to pay a ransom of 1.24 bitcoins or ~500 USD to get their files back. Unfortunately, at this point there is no known way to decrypt a victim's encrypted files for free.
At this time we do not know how the Cerber ransomware is being distributed, but according to SenseCy, it is being offered as a service on a closed underground Russian forum. This means that it is probably a new Ransomware as a Service, or RaaS, where affiliates can join in order to distribute the ransomware, while the Cerber developers earn a commission from each ransom payment.
For anyone who is infected with this ransomware or wants to discuss the infection, we have a dedicated support topic here: CERBER Ransomware Support and Help Topic. http://www.bleepingcomputer.com/forums/t/606583/cerber-ransomware-support-and-help-topic-decrypt-my-files-htmltxtvbs/
Widespread Attack on Office 365 Corporate Users with Zero-day Ransomware Virus: http://www.avanan.com/resources/attack-on-office-365-corporate-users-with-zero-day-ransomware-virus
Check Point blogged about it in detail: http://blog.checkpoint.com/2016/06/20/cerber-ransomware-targets-u-s-turkey-and-the-uk-in-two-waves/
Sample Analysis: