C3RB3R
INACTIVE ransomware group
Cerber ransomware, active since 2016, has resurfaced occasionally using the name C3RB3R. It operates as a semi-private Ransomware-as-a-Service (RaaS) and targets both Windows and Linux environments. Cerber typically encrypts files with a combination of AES and RSA and appends the .L0CK3D extension to encrypted files. It is delivered via phishing and malicious macros, and has also leveraged vulnerabilities such as Atlassian Confluence's CVE-2023-22518 for deployment. Victims are directed to Tor-hosted payment portals for decryption instructions.
Victims
0
First Seen
—
Last Active
Mar 27, 2026
Victims (0)
No victims recorded
Infrastructure
No sites tracked