Magniber Ransomware embedded in fake Windows 10 updates

Russell Kidson


Windows 10 is no stranger to viruses, malware, and ransomware. But the latest widespread ransomware attack is turning out to be something particularly dangerous. A new breed of ransomware, known as Magniber, is targeting Windows 10 users and disguises itself as a software update.


The threat actors behind the Magniber ransomware distribute the malware under various file names, but the most commonly used titles seem to be Win10.0_System_Upgrade_Software.msi and Security_Upgrade_Software_Win10.0.msi. While these might be fairly easy for anyone with a working knowledge of computers to avoid, other sources point out that the threat actors are also using knowledge base articles to distribute the malware.


According to submissions to VirusTotal, the Magniber ransomware campaign seems to have originated around the 8th of April 2022 and has gone global since then. We don’t have complete clarity on how exactly these fake Windows 10 updates are being promoted, but we do know that the downloads are primarily distributed from fake warez and crack websites. 

As soon as the ransomware is installed, it begins deleting shadow volume copies and will then encrypt your files. While it encrypts your files, it’ll also attach a random 8-character extension to them. One such example is .gtearevf. It also creates digital ransom notes, titled README.html, within each folder. The readme contains instructions on how to access the threat actor’s payment site using Tor in order to pay the ransom.
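The following Python script is an added example, not code from the article. It walks a directory tree and reports the two installer names quoted above, plus any folder that holds a README.html note alongside several files sharing one 8-letter extension. The lowercase-letters pattern, the `min_files` threshold and the sample tree are assumptions made for illustration.

```python
import os
import re
import tempfile
from collections import Counter

# Installer names quoted in the article (compared case-insensitively).
LURE_NAMES = {"win10.0_system_upgrade_software.msi",
              "security_upgrade_software_win10.0.msi"}
# Assumption: 8 lowercase letters, as in the article's one example
# (.gtearevf); the article itself only says "random 8-character".
EXT_RE = re.compile(r"\.([a-z]{8})$")


def triage(root, min_files=3):
    """Return (lures, hits). hits maps each folder that holds a README.html
    note to the 8-letter extension shared by >= min_files of its files."""
    lures, hits = [], {}
    for dirpath, _dirs, files in os.walk(root):
        lures += [os.path.join(dirpath, f) for f in files
                  if f.lower() in LURE_NAMES]
        if not any(f.lower() == "readme.html" for f in files):
            continue
        exts = Counter(m.group(1) for f in files if (m := EXT_RE.search(f)))
        # One stray match (e.g. notes.markdown) is not enough to flag.
        for ext, count in exts.most_common(1):
            if count >= min_files:
                hits[dirpath] = "." + ext
    return lures, hits


def build_sample(root):
    """Constructed sample tree: one clean folder, one that looks encrypted."""
    layout = {
        "clean": ["README.html", "index.html", "notes.markdown"],
        "docs": ["README.html", "a.docx.gtearevf", "b.xlsx.gtearevf",
                 "c.jpg.gtearevf", "Win10.0_System_Upgrade_Software.msi"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

A README.html on its own is common in ordinary folders, so a hit requires both the note and the repeated extension.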

The payment site is titled ‘My Decryptor’ and allows users to decrypt one file for free. You can also contact ‘support’ and see the ransom amount in Bitcoin. As far as we have been able to dig, the general amount is usually around $2,500. The website also features a timer set for 5 days and a warning that if you don’t pay, some of your data will be published on the internet and sent to all your contacts. 

The tragic thing about this entire sordid enterprise is that it targets versions of Windows 10 used by general consumers and students, not enterprise versions for businesses. The ransom demand is exorbitant, to say the least, and unfortunately, there don’t seem to be any weaknesses or vulnerabilities to exploit in the ransomware.

In other Windows 10 security-related news, the BitRAT trojan malware is spreading across Windows 10 PCs using pirated versions of Windows 10. Also, here’s how to upgrade Windows to 11. The same interface is used for general Windows 10 updates. Do it by the book and avoid malware like Magniber.
