The Cerber ransomware was discovered in March 2016. Inspired by the Software-as-a-Service (SaaS) model, Cerber's creators distribute licenses of their ransomware to other cybercriminals in exchange for a percentage of the revenue generated by their attacks. The initial Cerber Ransomware attack begins with a phishing email. The email contains a zipped .DOT file. This .DOT file is password protected and contains a malicious macro used to deploy the malware on the local machine. Another version of Cerber uses a Windows script file (WSF) attached to a phishing email to install the malware on the local device.