Security News > 2022 > October > Magniber ransomware now infects Windows users via JavaScript files

Magniber ransomware now infects Windows users via JavaScript files
2022-10-13 16:04

The downloaded malicious files contained JavaScript that initiated an intricate infection with the file-encrypting malware.

A report from HP's threat intelligence team notes that Magniber ransomware operators demanded payment of up to $2,500 for home users to receive a decryption tool and recover their files.

In January, the its operators used Chrome and Edge browser updates to push malicious Windows application package files.

The shellcode deletes shadow copy files via WMI and disables backup and recovery features through "Bcdedit" and "Wbadmin." This increases the chances of getting paid as victims have one less option to recover their files.

Finally, Magniber encrypts the files on the host and drops the ransom notes containing instructions for the victim to restore their files.

Home users can defend against a ransomware attack by making regular backups for their files and to keep them on an offline storage device.


News URL

https://www.bleepingcomputer.com/news/security/magniber-ransomware-now-infects-windows-users-via-javascript-files/