C3RB3R Ransomware

Cerber (also known as C3RB3R) ransomware operates as a semi-private Ransomware-as-a-Service (RaaS) and was first detected in 2016. Its activity peaked between 2016 and 2017, followed by periods of inactivity. Since 2020, Cerber has been involved in occasional campaigns with updated payloads that support both Linux and Windows operating systems. In late 2023, Cerber reappeared in new campaigns targeting vulnerable Atlassian Confluence Datacenter and Server products using CVE-2023-22518.