Magniber ransomware disguises itself as a fake Windows 10 update and encrypts its victims’ PCs.
Magniber hides in a fake Windows 10 update.
Security experts are currently warning of fake Windows 10 updates being used in a massive campaign to spread Magniber ransomware. The infection affects users around the world.
Ransomware on fake warez and crack sites
The fake Windows 10 update is offered as a cumulative update and uses fake knowledge base articles. In most cases they are named Win10.0_System_Upgrade_Software.msi [VirusTotal] and Security_Upgrade_Software_Win10.0.msi, as reported by Bleeping Computer. According to the security experts, the infection has been underway since the beginning of April. The fake Windows updates are apparently distributed on the Internet using fake warez and crack sites.
Magniber encrypts all files
Anyone who accepts and installs the update will catch the Magniber ransomware. It encrypts all data on the infected PC and appends a random 8-character extension. The ransomware also creates a ransom note in each folder. This provides victims with instructions on how to access Magniber Tor payment page to pay their ransom and eventually get their data back.
Ransom of almost 2,500 euros
In most cases, the ransom demands are 0.068 bitcoins. According to the current exchange rate, this corresponds to around 2,492 euros. Since the ransomware is primarily aimed at students and consumers, this sum is likely to be too high for many of those affected. According to the security experts at Bleeping Computer, Magniber is considered safe. The malware therefore does not contain any vulnerabilities that could be exploited to decrypt files without paying a ransom.