{"id":25027,"date":"2024-08-06T03:10:08","date_gmt":"2024-08-06T11:10:08","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/08\/06\/news-18757\/"},"modified":"2024-08-06T03:10:08","modified_gmt":"2024-08-06T11:10:08","slug":"news-18757","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/08\/06\/news-18757\/","title":{"rendered":"Magniber ransomware targets home users"},"content":{"rendered":"\n

If you\u2019ve been following any news about ransomware<\/a>, you may be under the impression that ransomware groups are only after organizations rather than individual people, and for the most part that\u2019s true.<\/p>\n

However, Magniber is one ransomware that does target home users. And it’s back, with full force, demanding four figure ransoms to unencrypt data.<\/p>\n

BleepingComputer, which has a dedicated forum for ransomware victims, reports<\/a>:<\/p>\n

\n

\u201cA massive Magniber ransomware campaign is underway, encrypting home users’ devices worldwide and demanding thousand-dollar ransoms to receive a decryptor.\u201d<\/p>\n<\/blockquote>\n

This surge was confirmed by ID-Ransomware<\/a>, which helps users to identify the ransomware family that has infected their systems. ID-Ransomware has received well over 700 requests from visitors who had their files encrypted by Magniber since July 20, 2024. Malwarebytes’ telemetry also shows an uptick in Magniber detections in July.<\/p>\n

Magniber first emerged<\/a> in 2017 when it 2024 targeted South Korean systems. In 2018, it started infecting computers<\/a> with a much more developed version which also targeted other Asian countries like Malaysia, Taiwan, and Hong Kong.<\/p>\n

The new campaign does not limit itself to specific regions and uses tried and trusted methods to reach home users\u2019 systems. The ransomware is often disguised in downloads for cracks or key generators of popular software, as well as fake updates for Windows or browsers. In some cases, the group takes advantage of unpatched Windows vulnerabilities.<\/p>\n

When infected, victims are presented with this ransom notice:<\/p>\n

\"Magniber<\/figure>\n
\n

Your important files have been encrypted due to the suspicion of the illegal content download!<\/p>\n

Your files are not damaged! Your files are modified only. This modification is reversible.<\/p>\n

Any attempts to restore your files with the third party software will be fatal to your files!<\/p>\n

To receive the private key and decryption program follow the instructions below:<\/p>\n<\/blockquote>\n

The instructions will tell you to visit a website which can only be reached by using the Tor browser<\/a>.<\/p>\n

Once the ransomware has encrypted the targeted files, it will typically request a ransom in the region of $1,000 which is raised to around $5,000 if the victim does not pay within three days. Unfortunately, old decryptors that were available for free don\u2019t work for this version.<\/p>\n

How home users can prevent ransomware<\/h2>\n

There are some rules that can help you avoid falling victim to this type of ransomware:<\/p>\n