On December 23rd the latest version of Cerber paid a visit to one of my customers. Strangely enough, all it managed to do was post the ransom note (red background to text) on the desktop. Nothing was encrypted.
A Windows 10 professional machine, on domain
The defenses in place where:
Flash disabled on all installed browsers
windows scripting host disabled
execute disabled in temp folders by group policy
When I first looked at the machine, Windows Defender was disabled. In the Windows notification pane I can see that Defender tried to remove the malware 17 times immediately after the infection occurred.
The defenses used where real easy to implement. Hope this info helps someone.