Starting in April security experts at FireEye spotted a massive uptick in Cerber ransomware attacks delivered via a rolling wave of spam. Researchers there link the Cerber outbreaks to the fact that attackers are now leveraging the same spam infrastructure credited for making the potent Dridex financial Trojan extremely dangerous.
Cerber, which is best known for its high-creep factor in using text-to-speech to “speak” its ransom note to victims, was first spotted in the wild in February. Its typical distribution method was via exploit kits, with Magnitude and Nuclear Pack exploiting a zero day in Adobe Flash Player (CVE-2016-1019). But as recently as May 4, FireEye reports, Cerber is now part of a spam campaign linked to Dridex botnets.