Researchers at Cybereason have discovered a new strain of the Cerber ransomware that implements a new feature to avoid triggering canary files. Canary files are a security measure for the early detection of threats like ransomware. Cerber now searches computers for any image file (.png,.bmp,.tiff,.jpg, etc.) and checks whether they are valid. If a malformed image is found, Cerber skips the entire directory in which it is located and does not encrypt it.”]
Source: https://securityaffairs.co/wordpress/62068/malware/cerber-ransomware-canary.html