Ransomware
Cerber
aka Cerber Ransomware
A 2016-era ransomware-as-a-service known for its 'talking' ransom note, offline encryption and one of the first major affiliate models.
Cerber was a leading ransomware-as-a-service during 2016–2017, notable for an early, well-organised affiliate program and for encrypting offline — it didn't need to contact a server first, making it fast and resilient. Victims were greeted by an unusual synthesized-voice ransom note.
Operations
Cerber spread heavily through exploit kits and malspam, and like many Russian-speaking families it deliberately skipped CIS-region systems. Its affiliate model and constant updates made it one of the most distributed ransomware strains of its day.
Decline
Cerber faded by 2018 as affiliates moved to newer RaaS brands, but its techniques influenced later operations. History is on Cyber Breaches; an offline-encryption analysis lives on the Reverse Engineering Hub.
Defense
Patch exploit-kit delivery paths, filter malspam, and keep offline backups.