Fake Windows 10 updates infect you with Magniber ransomware



Bogus Windows 10 updates are being employed to distribute the Magniber ransomware in a significant campaign that began earlier this month.

Over the past few days, BleepingComputer has received a surge of requests for help regarding a ransomware infection targeting users worldwide.

While researching the campaign, we found a topic in our forums where readers report being infected by the Magniber ransomware after installing what is believed to be a Windows 10 cumulative or security update.

These updates are distributed under various names, with Gain10._Program_Update_Program.msi [VirusTotal] and Safety_Up grade_Software_Acquire10..msi being the most common.

Other downloads pretend to be Windows 10 cumulative updates, using fake knowledge base articles, as shown below.

Technique.Up grade.Acquire10.-KB18062410.msi

Based on the submissions to VirusTotal, this campaign appears to have started on April 8th, 2022 and has seen significant distribution worldwide since then.

Though it is not 100% clear how the fake Windows 10 updates are being promoted, the downloads are distributed from fake warez and crack sites.

Fake warez and crack sites pushing Magniber
Source: BleepingComputer

Once installed, the ransomware will delete shadow volume copies and then encrypt files. When encrypting files, the ransomware will append a random 8-character extension, such as .gtearevf, as shown below.

Files encrypted by Magniber
Source: BleepingComputer

The ransomware also creates ransom notes named README.html in every folder. The notes contain instructions on how to access the Magniber Tor payment site to pay a ransom.

Magniber ransom note
Source: BleepingComputer
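For triage, the two on-disk artifacts described above (an appended 8-character extension and a README.html in the same folder) can be checked against a file listing. This is an added example, not code from BleepingComputer; the function name, threshold, sample paths and the lowercase-letters assumption about the extension are illustrative.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Per the article: encrypted files gain a random 8-character extension
# (the one sample shown is .gtearevf) and README.html appears in every folder.
# Assumption: the extension is 8 lowercase letters, as in that sample.
EXT_RE = re.compile(r"^\.[a-z]{8}$")
NOTE_NAME = "readme.html"

def find_suspect_folders(paths, min_files=3):
    """Return {folder: (extension, count)} for folders holding a README.html
    plus at least min_files files that share one appended 8-letter extension."""
    notes = set()
    ext_counts = defaultdict(lambda: defaultdict(int))
    for raw in paths:
        p = PureWindowsPath(raw)
        folder = str(p.parent).lower()  # Windows paths are case-insensitive
        if p.name.lower() == NOTE_NAME:
            notes.add(folder)
        # "Appended" means the original extension is still underneath, so
        # require two suffixes; this skips ordinary files such as app.manifest.
        elif len(p.suffixes) >= 2 and EXT_RE.match(p.suffix):
            ext_counts[folder][p.suffix] += 1
    hits = {}
    for folder in notes:
        for ext, count in ext_counts.get(folder, {}).items():
            if count >= min_files:
                hits[folder] = (ext, count)
    return hits

# Constructed sample listing (not real victim data).
SAMPLE_LISTING = [
    r"C:\Users\ana\Documents\README.html",
    r"C:\Users\ana\Documents\thesis.docx.gtearevf",
    r"C:\Users\ana\Documents\grades.xlsx.gtearevf",
    r"C:\Users\ana\Documents\photo.jpg.gtearevf",
    r"C:\Projects\site\README.html",   # benign: a note name alone is not enough
    r"C:\Projects\site\index.html",
    r"C:\Projects\site\app.manifest",  # benign 8-letter extension, not appended
]

if __name__ == "__main__":
    for folder, (ext, count) in find_suspect_folders(SAMPLE_LISTING).items():
        print(f"{folder}: {count} files with appended {ext} plus README.html")
```

Files that had no extension before encryption are missed by the two-suffix rule, so a hit is a reason to inspect the folder, not a complete inventory of affected files.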

The Magniber payment site is titled ‘My Decryptor’ and allows a victim to decrypt one file for free, contact ‘support,’ or determine the ransom amount and the bitcoin address to which victims should make a payment.

Magniber Tor payment site
Source: BleepingComputer

From payment pages seen by BleepingComputer, most ransom demands have been approximately $2,500 or .068 bitcoins.

Magniber is considered secure, meaning that it does not contain any weaknesses that can be exploited to recover files for free.

Unfortunately, this campaign mostly targets students and individuals rather than enterprise victims, making the ransom demand too expensive for many victims.

