Cerber is sold to distributors on underground Russian forums. This malware is often distributed via Exploit Kits (read more here) Checkpoint released a decryption tool working for some cases of Cerber. Cerber can encrypt files in offline mode it means it doesnt need to fetch the key from the CnC server. After encryption size of the encrypted file content is increased about 384 bytes* it may suggest, that the RSA encrypted AES key is appended to the file.”]
Source: https://blog.malwarebytes.com/threat-analysis/2016/03/cerber-ransomware-new-but-mature/