Windows users should pay close attention: a new ransomware threat, identified as Magniber, has hit Windows systems. It masquerades as a Windows 10 update to trick users into downloading it, and it targets students and consumers rather than big businesses or government organizations.

Several users have reported problems with updates distributed under various names, including “Win10.0_System_Upgrade_Software.msi” and “Security_Upgrade_Software_Win10.0.msi”. Other files offered for download on these web pages as purported Windows 10 updates are “System.Upgrade.Win10.0-KB47287134.msi”, “System.Upgrade.Win10.0-KB82260712.msi”, “System.Upgrade.Win10.0-KB18062410.msi” and “System.Upgrade.Win10.0-KB66846525.msi”, according to Europa Press.

According to data recorded by VirusTotal, the free service that analyzes files and web pages for malware, this ransomware campaign began on April 8 and has been widely distributed worldwide.

Although it is not 100% clear how fake Windows 10 updates are promoted, the downloads are distributed from fake warez and crack sites. Once installed, the ransomware will erase Shadow Volume Copies and encrypt files. While encrypting the files, the ransomware will add a random 8-character extension, such as .gtearevf. The ransomware also creates ransom notes called README.html in each folder containing instructions on how to access the Magniber Tor payment site to pay the ransom.
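The indicators described above (the lure installer names, a README.html note in each folder, and files sharing one random 8-character extension) can be combined into a triage check over a file listing. This is an added example, not code from the article or its sources; the regular expressions, the min_files threshold and the sample paths are assumptions constructed for illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Lure installer names reported in the article. Assumption: only the KB
# number varies between the "System.Upgrade" variants.
LURE_MSI = re.compile(
    r"^(Win10\.0_System_Upgrade_Software|Security_Upgrade_Software_Win10\.0"
    r"|System\.Upgrade\.Win10\.0-KB\d+)\.msi$", re.IGNORECASE)
# Assumption: the appended extension is 8 lowercase letters, like ".gtearevf".
RANDOM_EXT = re.compile(r"^\.[a-z]{8}$")

def find_lures(paths):
    """Return paths whose file name matches a reported fake-update installer."""
    return sorted(p for p in paths if LURE_MSI.match(PureWindowsPath(p).name))

def find_encrypted_folders(paths, min_files=3):
    """Map folder -> extension where README.html sits next to at least
    min_files files sharing one 8-letter extension. Requiring both signals
    keeps ordinary 8-letter extensions from triggering on their own."""
    notes, exts = set(), {}
    for p in map(PureWindowsPath, paths):
        folder = str(p.parent)
        if p.name.lower() == "readme.html":
            notes.add(folder)
        elif RANDOM_EXT.match(p.suffix):
            exts.setdefault(folder, Counter())[p.suffix] += 1
    hits = {}
    for folder in notes & exts.keys():
        ext, count = exts[folder].most_common(1)[0]
        if count >= min_files:
            hits[folder] = ext
    return hits

# Constructed sample listing (not real telemetry).
SAMPLE = [
    r"C:\Users\ana\Downloads\System.Upgrade.Win10.0-KB47287134.msi",
    r"C:\Users\ana\Downloads\setup.msi",
    r"C:\Users\ana\Documents\README.html",
    r"C:\Users\ana\Documents\thesis.docx.gtearevf",
    r"C:\Users\ana\Documents\notes.txt.gtearevf",
    r"C:\Users\ana\Documents\budget.xlsx.gtearevf",
    r"C:\Users\ana\Site\README.html",
    r"C:\Users\ana\Site\index.html",
]

if __name__ == "__main__":
    print("lure installers:", find_lures(SAMPLE))
    print("likely encrypted folders:", find_encrypted_folders(SAMPLE))
```

A name match on the installer is an early warning before execution; the folder check only fires after encryption has started, so it is useful for scoping an incident rather than preventing one.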

Magniber’s payment site is titled “My Decryptor” and allows the victim to decrypt a file for free, contact “support”, or determine the ransom amount and the bitcoin address where the payment must be made. According to the payment pages seen by BleepingComputer, most of the ransom demands have been approximately $2,500, or 0.068 bitcoins, for unlocking the device. That is a very large amount given that the campaign targets students and consumers rather than big companies, so users must be very careful.

