Russian Ransomware Will Encrypt Your Files And Tell You The Ransom Note, In Its Own Voice

Yes, you read that right. Cerber is a new type of ransomware. It first encrypts your files, like many of them, do, but after that, there’s a plot twist. Cerber will actually tell you about the ransom note via TTS (text-to-speech) feature. We don’t know if it has an option to read you that in a voice of an angry Russian mobster, but it’s a creative idea anyway.


Cerber is discovered by two security researchers, @BiebsMalwareGuy and @MeegulWorth, and it was first analyzed by Bleeping Computer.

First reported infections happened a couple of days ago, and the ransomware is supposedly a product of a couple of Russian hackers. They are advertising it as a RaaS (Ransomware-as-a-Service), a new ransomware business model in which the operators are providing ready-coded ransomware information to anyone who wants to buy it, to later distribute it through means of spam and phishing campaigns. The victim needs to pay the ransom in order for operators to gather a profit.

Another interesting fact, according to earlier mentioned security researchers, it’s that Cerber is precisely built to not infect users living in Russian-speaking countries. Before it encrypts your files, Cerber shows you an error notification, tricking you into restarting your PC, but only in “Safe Mode with Networking” state. After that, Cerber force restarts the computer and starts encrypting the files using AES cryptography algorithm. The bad news is that, currently, Cerber is undecryptable.

After your files get encrypted, it will place three files containing the ransom note in the text, VBS and HTML format in every folder that contains encrypted data. If you open the VBS one, Cerber will declare you the ransom note. You need to pay 1.24 Bitcoin (around $520, at the moment) to get your files back, and if you deny it, the ransom will double after a week.