Trend Micro researchers spotted several exploit kits delivering Cerber 4.0 ransomware just a month after the release of version 3.
The upgraded malware includes a shift in the ransom note's formation from html to .hta and the authors are now generating a random string as the new file extension for each infection, according to a 12 October blog post.
Researchers also spotted three malvertising campaigns and a compromised site delivering the ransomware.
The campaigns included a continuously changing campaign named PseudoDarkleech which mostly delivers ransomware through compromised sites, a campaign that employs the Magnitude exploit kit and targets countries in Asia, a campaign which typically employs a casino-themed fake advertisement, and a campaign that distributes malware in the US, Germany, Spain, Taiwan and Korea.
Researchers recommend users keep three copies of their data, two on two separate devices and one stored in a secure location to mitigate tactics.