Magniber Ransomware Is Targeting Home PC

By ISBuzz Team
Writer, Information Security Buzz | Oct 17, 2022 02:08 am PST

HP’s Wolf Security team is reporting that Magniber ransomware is infecting home users and demanding payments of up to $2,500 for the decryption tool. Attackers get users to download a ZIP file containing the malware, which masquerades as a Windows 10/11 update. Magniber has been primarily spread through MSI and EXE files, but since September it has been using this ZIP file approach to install the malware.

Excerpts:

  • The infection chain starts with a web download from an attacker-controlled website. The user is asked to download a ZIP file containing a JavaScript file that purports to be an important anti-virus or Windows 10 software update.
  • Notably, the attackers used clever techniques to evade detection, such as running the ransomware in memory, bypassing User Account Control (UAC) in Windows, and bypassing detection techniques that monitor user-mode hooks by using syscalls instead of standard Windows API libraries.
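As an added illustration (not from the HP report or the original article), the delivery stage described in the first excerpt can be triaged on the defender's side by listing a downloaded ZIP's members without extracting them and flagging anything Windows would run on double-click. The extension sets, lure keywords, function names and sample file names below are assumptions constructed for this example.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows hands to a script host on double-click; .js is the
# delivery format described in the excerpt above.
SCRIPT_EXTS = {".js", ".jse", ".wsf", ".vbs", ".vbe"}
# The article names MSI and EXE as Magniber's earlier carriers.
INSTALLER_EXTS = {".msi", ".exe"}
# Assumed lure keywords, based on the "anti-virus or Windows 10 update" theme.
LURE_WORDS = ("update", "upgrade", "antivirus", "anti-virus",
              "win10", "win11", "windows")


def triage_zip(data: bytes) -> list:
    """Return one finding per member that would execute if double-clicked.

    Only the central directory is read; nothing is extracted or run.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        files = [i for i in zf.infolist() if not i.is_dir()]
        for info in files:
            path = PurePosixPath(info.filename)
            ext = path.suffix.lower()
            if ext in SCRIPT_EXTS:
                kind = "script"
            elif ext in INSTALLER_EXTS:
                kind = "installer"
            else:
                continue
            findings.append({
                "member": info.filename,
                "kind": kind,
                # File name borrows update / anti-virus wording.
                "lure_name": any(w in path.name.lower() for w in LURE_WORDS),
                # An archive holding nothing but one runnable file is a wrapper.
                "sole_member": len(files) == 1,
            })
    return findings


def make_zip(names) -> bytes:
    """Build a constructed sample archive in memory (placeholder contents)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, "constructed placeholder, not malware")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(make_zip(["Win10.Security.Update.js"])):
        print(finding)
```

A finding with `kind` of `script` together with `lure_name` and `sole_member` both true matches the pattern in the excerpt; this check covers only the download stage and says nothing about the in-memory execution, UAC bypass or syscall use described in the second excerpt.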