A new strain of ransomware is posing as an update for Windows, forcing individual web users to pay roughly $2,500 in exchange for the safe return of their data.
These are the findings of an investigation by HP Wolf Security, whose experts discovered the Magniber ransomware being distributed in September this year via a website owned by the attackers.
Once the victim runs the file, Magniber does a couple of things, including running the ransomware in memory, bypassing User Account Control (UAC) in Windows (admin user privileges are needed) and using syscalls instead of standard Windows API libraries. All of these things allow Magniber to execute the encryption without raising alarms.
Usually, ransomware operators target companies, rather than individuals. By going after larger entities, they make sure that encrypting devices causes real damage, and forces organizations to pay the ransom demand. However, this does not make Magniber any less dangerous, or devastating, researchers are saying.
As usual, users are urged to be careful what they download, and be suspicious of every email, text message, or phone number coming from and unknown sender. Experts are also warning users to keep their computers updated, and install antivirus programs, firewalls, and other security measures. Finally, users should not share their passwords and other authentication mechanisms with anyone, friends, family and co-workers included.