Earlier this year in March, Cerber, a sophisticated ransomware debuted. By September, it had matured and a massive, more sophisticated Cerber ransomware campaign was delivered through somewhat unusual phishing emails. Because it was a RaaS model, users could encounter Cerber campaigns being run by a number of malicious actors through a variety of attack vectors.
Although Cerber campaigns have been growing in size for several months now, the month of September was marked by several sharp spikes in Cerber activity. The malicious emails were noteworthy for several reasons including a series of different, yet remarkably similar Subject: lines and social engineering hooks. Additionally, a password-protected Word document foiled easy detection by anti-virus scan engines, and lent the user experience an air of additional security, reinforcing the sense among gullible users that the document they were handling was, in fact, safe.