Security researchers have discovered a ransomware campaign that has been active since September. It targets individuals and demands a ransom which, if not astronomical, remains very expensive in these times of crisis.
Researchers have discovered ransomware that masquerades as a Windows Update. This new technique can be devastating, the cybercriminals demand the sum of $2500 to return their data to the victims. If the sum does not seem huge, it is because this virus specifically targets users like you and me, and not multinationals.
This campaign of ransomware spreads through Magniber, a malware well known to security experts. The latter pretends to be an antivirus or a Windows 10 update to install itself on the computer of its victims. While previously it was necessary to launch an executable file of the .exe or .msi type, its new variation goes through JavaScript files. These kinds of scripts allow ransomware to run in memory and evade Windows UAC (User Account Control).
This ransomware demands 2500 € to return their data to individuals
The cybersecurity experts at HP Wolf Security, who discovered this Magniber variationexplain that once in the system, the virus erases automatic file copies and disables backups and recovery systems: once this is done, it is effectively impossible for their target to access the data contained in the hard drive from Windows.
To get there, you must have downloaded a program from a site controlled by hackers. This is presented in the form of a ZIP containing a Javascript file supposed to be a anti-virus or a major Windows 10 update. To disable all Windows security and erase backup files, the malware must be run from a Windows administrator account, which is very common among home users.
The advice of the experts is therefore to use the Admin account only when it is really necessary and to use an account with limited rights on a daily basis. Similarly, updates should only be installed from trusted sources, preferably at the request of Windows only. The usual precautions also apply: keep your antivirus and operating system up to date.
