Magniber ransomware is not very well known, but it is very harmful: it uses spoofing to attack home computers and demands a ransom to free the victim's files. Here's how to defend yourself:

What is Magniber ransomware

As technology becomes more prevalent in our daily lives, the risks associated with it also increase. One of the most dangerous threats to home devices is Magniber ransomware. This software became known in 2017 when it was used in targeted attacks against users in Asia, Europe and the United States. It has recently increased its attacks, causing significant damage to its victims. Nonetheless, not much attention has been paid to its misdeeds, and there are still not many investigations into this type of ransomware.

Magniber's attack technique

The technique used for cyber attacks is spoofing, which consists of impersonating a different identity through false communication of data. The Magniber ransomware targets the Windows 10 and 11 operating systems. The process begins when the user clicks on a fake Microsoft advertisement urging a Windows update. The alleged update is delivered as a Zip file that contains a fake Microsoft Software Installer (MSI) passed off as an important security update. The file unzips and releases the malicious code, which installs itself on Windows.

Once inside the system, Magniber uses strong encryption algorithms to lock the user's files and asks for payment to unlock them again, usually through cryptocurrencies such as Bitcoin or Ethereum, for an amount equivalent to around $2500-2800 per user. After the victim pays the ransom, the attackers provide a decryption key to restore the encrypted data.

Evolution of the Magniber ransomware

There has recently been a change in tactics by the Magniber malicious software. It appears to have become more dangerous and now uses JavaScript files to deliver its payloads instead of MSI and EXE files. This is a cause for concern because it can be difficult to detect these types of threats, especially if you don't know what you're looking for.

The JavaScript files use a variant of the DotNetToJScript technique, allowing the attacker to load a .NET executable in memory, meaning the ransomware does not need to be saved to disk. The ransomware code executes and first disables Windows backup and restore functions before encrypting the victim's files.

Magniber requires administrator privileges to disable the victim's ability to recover their data; therefore, the malware uses a User Account Control (UAC) bypass to execute commands without notifying the user. However, the logged-in user must be a member of the Administrators group for this to work. The malware enumerates files and compares their extensions with a list before encrypting them. A file is encrypted if its extension is present in the list. Finally, the malware places a ransom note in each directory that contains an encrypted file and displays it to the victim by opening the note in a web browser.

Magniber is very malicious and specifically targets home computers, laptops and other personal electronic devices, encrypting their data and making them inaccessible until a ransom is paid to unlock them.
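
The delivery described above (a Zip file carrying a fake MSI installer, and more recently JavaScript files) can be checked for before anything is opened. The following is an added example, not code from the original article: it lists the entries of a downloaded Zip without extracting them and flags the ones Windows would run on double-click. The lure words, the extra extensions beyond .msi, .exe and .js, the double-extension check and the sample file names are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# .msi, .exe and .js are the delivery formats named in the article;
# the other script types are an assumption (close relatives run by Windows).
RISKY_EXTENSIONS = {".msi", ".exe", ".js", ".jse", ".wsf", ".vbs"}
# Assumed lure words, based on the fake "Windows update" theme in the article.
LURE_WORDS = ("update", "upgrade", "security", "patch", "hotfix")
# Assumed decoy types: "report.pdf.js" looks like a PDF when Explorer
# hides known extensions (a common disguise, not described in the article).
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".txt", ".jpg"}


def triage_zip(data: bytes) -> list[dict]:
    """Return one finding per archive entry that Windows would execute."""
    findings = []
    # Only the archive's directory is read; nothing is extracted or run.
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = PurePosixPath(info.filename.replace("\\", "/")).name
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            if not suffixes or suffixes[-1] not in RISKY_EXTENSIONS:
                continue
            findings.append({
                "entry": info.filename,
                "type": suffixes[-1],
                "double_extension": len(suffixes) > 1
                and suffixes[-2] in DECOY_EXTENSIONS,
                "update_lure": any(w in name.lower() for w in LURE_WORDS),
            })
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive with harmless placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Win11.Security.Update.msi", b"placeholder")
        archive.writestr("docs/readme.txt", b"placeholder")
        archive.writestr("SYSTEM.Upgrade.pdf.js", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip()):
        print(finding)
```

Genuine Windows updates arrive through Windows Update rather than as a Zip download from an advertisement, so any finding in such an archive is a reason to delete it unopened.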

Precautions to defend yourself from Magniber

Fortunately, there are measures that individuals can take to protect themselves from this type of attack: keeping all software updated, regularly backing up important data, using antivirus protection on all connected devices, using an ad blocker to block advertisements, avoiding suspicious links sent via email or text messages, and never downloading pirated content online. These are just some of the measures you should take into consideration if you want your device to be safe from Magniber ransomware attacks.

While these tips may seem simple enough on paper, they are essential for protecting yourself from any form of cybercrime, including those carried out by Magniber ransomware attackers, who are known for targeting both businesses and private citizens with devastating consequences for those affected.

If you have been the victim of an attack, report it to the Postal Police

The Postal and Communications Police has jurisdiction over computer crimes and is responsible for protecting online data and preventing computer scams. If you believe you have been the victim of a cyber crime, you can file a report with the Postal Police through the online portal or by contacting their support services.

If the report is made online, it will still be necessary to go to the nearest Postal Police section to validate the report.

It is important to make a report because in this way the Police can begin investigations and are also informed of new types of crime. By knowing the methods of the cyber attack, the Police can also make public statements to inform the population and give suggestions on how to behave to avoid becoming victims of this type of cyber attack.
