Ransomware posing as Windows antivirus update will just empty your wallet


A new form of ransomware masquerades as a Windows update and demands approximately $2,500 from individual Internet users in exchange for the return of their data.

That’s according to an investigation by HP Wolf Security, whose experts found the Magniber ransomware being distributed in September this year via a website owned by the attackers.

The site entices victims to download a .ZIP archive, which contains a JavaScript file masquerading as a major antivirus or Windows 10 software update.
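For mail or web gateways and for help desks triaging a reported download, the delivery pattern described above (a script file inside a .ZIP, named like an update) can be checked before anything is extracted. The following is an added example, not code from HP Wolf Security or the original article; the extension list, the lure words and the sample file names are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions that Windows Script Host runs on double-click (assumed list).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}
# Lure words drawn from the article's description (assumed matching scheme).
LURE_WORDS = ("update", "antivirus", "windows")


def triage_zip(data: bytes) -> list:
    """Return one finding per archive member that is a directly runnable script."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Normalise Windows-style separators before splitting the path.
            path = PurePosixPath(info.filename.replace("\\", "/"))
            if path.suffix.lower() not in SCRIPT_EXTS:
                continue
            findings.append({
                "member": info.filename,
                "size": info.file_size,
                # A script sitting at the archive root is what the user sees first.
                "top_level": len(path.parts) == 1,
                "lure_name": any(w in path.name.lower() for w in LURE_WORDS),
                # Bit 0 of the general-purpose flags marks an encrypted member.
                "encrypted": bool(info.flag_bits & 0x1),
            })
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive; member names and contents are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("SYSTEM.Antivirus.Update.js", "// placeholder, not real code\n")
        zf.writestr("docs/readme.txt", "constructed sample\n")
        zf.writestr("lib/jquery.min.js", "// placeholder\n")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip()):
        print(finding)
```

A top-level script with a lure name is the combination worth blocking or escalating; a nested library file such as the third sample member is reported but carries neither flag.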

Silent encryption

Once the victim runs the file, Magniber takes several steps to stay unnoticed: it runs the ransomware in memory, bypasses User Account Control (UAC) in Windows (admin user privileges are required), and uses syscalls instead of standard Windows API libraries. Together, these allow Magniber to carry out the encryption without raising the alarm.

The malware also deletes shadow copy files and disables Windows backup and restore functions, ensuring that victims have no choice but to pay the ransom or part with their files.

Usually, ransomware operators target companies rather than individuals. By going after larger entities, they ensure that encrypted devices do real harm and force organizations to pay ransoms. However, this doesn’t make Magniber any less dangerous or devastating, researchers say.

As usual, users are urged to be careful about what they download and to be wary of any email or SMS from an unknown sender, or any call from an unknown phone number. Experts also warn users to keep their computers up to date and to install antivirus, firewall and other security measures. Finally, users should not share their passwords and other authentication mechanisms with anyone, including friends, family and colleagues.
