A couple of weeks ago, I made a demonstration analysis for a variant of Cerber ransomware and documented it.
The following is the table of contents for the document.
Symptoms of compromise Ransom notes Encrypted files Temporary files Runtime behavior Creates mutex Weakens system security Self elevates to perform administrative tasks Searches for files to encrypt Encrypts the files Displays the ransom note Deletes itself Window flashes up Configuration Final Notes