Yikes! Vicious ransomware is masquerading as Windows Update packages to lure unsuspecting victims into malware hell, and then suddenly, their valued files are rendered inaccessible. If they want them back, they have to fork over Bitcoin.
Magniber ransomware is the name of this malicious software, and it's spreading. BleepingComputer reports that it saw a surge in help requests regarding a strange ransomware infection and, after some research, reportedly discovered its source.
How Magniber ransomware works
BleepingComputer's investigation discovered that a swarm of victims unwittingly installed Magniber ransomware masking itself as Windows 10 security or cumulative updates. Here are some of the common file names for the aforementioned faux updates:
The malware campaign, according to VirusTotal, likely launched on April 28. BleepingComputer suspects the infected files came from "fake warez and crack sites," platforms that illegally distribute pirated content.
How does Magniber ransomware work? Once you install it, assuming it's a Windows Update, it will encrypt your files, rendering them inaccessible. A file named ReadMe.html will have a message that says, "Your files are not damaged! Your files are modified only. The modification is reversible. The only way to decrypt your files is to receive the private key and decryption program. Any attempts to restore your files with the third-party software will be fatal for your files!"
The ransom note then guides the victim to visit a URL that's only accessible via the Tor Browser. The website says that if the victim can procure about $2,600 in BTC in under five days, they can regain access to their files. If not, the price jumps to more than $5,000.
How to avoid Magniber ransomware
As BleepingComputer pointed out, because Magniber ransomware is distributed through fake warez and crack sites, this malware often targets students and consumers who don't have the wherewithal to pay the pricey ransom.
Unfortunately, there's no way around Magniber's clutches. Once you've been infected with this wretched ransomware, you're doomed. "It does not contain any weaknesses that can be exploited to recover files for free," BleepingComputer said.
That being said, when it comes to Magniber ransomware, PC users must take a preventative approach to avoid its fatal tendrils. Michael Crider from PCWorld said it best (in all caps): "DON’T DOWNLOAD WINDOWS UPDATES FROM ANY SOURCE EXCEPT MICROSOFT."
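For anyone who already has an "update" installer sitting in a downloads folder, the PowerShell sketch below is one way to check it before running anything. It is an added example, not something from BleepingComputer or PCWorld, and it assumes the folder path and the .msi/.msu extension filter shown in the parameters, which are illustrative choices rather than details from the reports.

```powershell
# Added example: list update-style installers and show whether each one carries
# a valid Authenticode signature from Microsoft.
# Assumptions (not from the article): the default folder and the extension filter.
param(
    [string]   $Path       = "$env:USERPROFILE\Downloads",
    [string[]] $Extensions = @('*.msi', '*.msu')
)

$report = Get-ChildItem -Path $Path -File -Recurse -Include $Extensions -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Get-AuthenticodeSignature validates the embedded signature and its
        # certificate chain against the local trust store.
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName

        # Unsigned files have no signer certificate at all.
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

        # Both conditions must hold: the signature verifies AND the signer is Microsoft.
        # A valid signature from some other publisher is not a Windows update.
        $fromMicrosoft = ($sig.Status -eq 'Valid') -and
                         ($subject -match 'O=Microsoft Corporation')

        [pscustomobject]@{
            File    = $_.FullName
            Status  = $sig.Status
            Signer  = $subject
            Verdict = if ($fromMicrosoft) { 'Signed by Microsoft' } else { 'DO NOT RUN' }
        }
    }

if (-not $report) {
    Write-Output "No matching installer files found under $Path"
} else {
    # Put the suspicious files at the top of the table.
    $report | Sort-Object Verdict | Format-Table -AutoSize -Wrap
}
```

A "DO NOT RUN" verdict means the file is unsigned, tampered with, or signed by someone other than Microsoft; delete it and get the update through Windows Update instead.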