Magniber ransomware now infects Windows users via JavaScript files

The downloaded malicious files contained JavaScript that initiated an intricate infection with the file-encrypting malware.
A report from HP's threat intelligence team notes that Magniber ransomware operators demanded payment of up to $2,500 for home users to receive a decryption tool and recover their files.
In January, its operators used Chrome and Edge browser updates to push malicious Windows application package files.
The shellcode deletes shadow copy files via WMI and disables backup and recovery features through "Bcdedit" and "Wbadmin." This increases the chances of getting paid as victims have one less option to recover their files.
Finally, Magniber encrypts the files on the host and drops the ransom notes containing instructions for the victim to restore their files.
Home users can defend against a ransomware attack by making regular backups of their files and keeping them on an offline storage device.
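For defenders, the recovery-inhibition step described above (shadow copy deletion via WMI, plus "Bcdedit" and "Wbadmin") can be hunted in process-creation logs. The following is an added example, not code from HP's report or from the article: the event field names (`time`, `host`, `cmd`), the command-line spellings in the patterns, and the five-minute window are assumptions, and the sample events are constructed.

```python
import re
from datetime import datetime, timedelta

# Command-line patterns for the three recovery-inhibition actions named above.
# Flag spellings are commonly documented forms (assumption, not from the report).
RULES = {
    "shadowcopy_delete_wmi": re.compile(
        r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b"
        r"|win32_shadowcopy.*\bdelete\b", re.I),
    "bcdedit_recovery_off": re.compile(
        r"\bbcdedit(\.exe)?\b.*(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)", re.I),
    "wbadmin_delete": re.compile(
        r"\bwbadmin(\.exe)?\b.*\bdelete\s+(catalog|systemstatebackup|backup)\b", re.I),
}

def classify(command_line):
    """Return the names of all rules a command line matches."""
    return [name for name, rx in RULES.items() if rx.search(command_line)]

def correlate(events, window=timedelta(minutes=5), min_distinct=2):
    """Alert per host when >= min_distinct different actions occur inside `window`."""
    hits = {}
    for ev in events:
        ts = datetime.fromisoformat(ev["time"])
        for name in classify(ev["cmd"]):
            hits.setdefault(ev["host"], []).append((ts, name))
    alerts = {}
    for host, items in hits.items():
        items.sort()
        for i, (start, _) in enumerate(items):
            seen = {n for t, n in items[i:] if t - start <= window}
            if len(seen) >= min_distinct:
                alerts[host] = sorted(seen)
                break
    return alerts

# Constructed process-creation events (illustrative, not from any real incident).
SAMPLE = [
    {"time": "2022-10-14T09:00:01", "host": "PC-A", "cmd": "bcdedit /set {default} recoveryenabled no"},
    {"time": "2022-10-14T09:00:03", "host": "PC-A", "cmd": "wbadmin delete catalog -quiet"},
    {"time": "2022-10-14T09:00:04", "host": "PC-A", "cmd": "wmic shadowcopy delete /nointeractive"},
    {"time": "2022-10-14T10:00:00", "host": "PC-B", "cmd": "wbadmin delete backup -keepVersions:3"},
    {"time": "2022-10-14T11:00:00", "host": "PC-B", "cmd": "bcdedit /enum"},
    {"time": "2022-10-14T09:30:00", "host": "PC-C", "cmd": "wbadmin start backup -backupTarget:E:"},
]

if __name__ == "__main__":
    for host, actions in correlate(SAMPLE).items():
        print(host, actions)
```

WMI calls made in-process through COM leave no command line, so this covers only utility and script invocations. Requiring two distinct actions in the window keeps a lone administrative `wbadmin delete backup` (PC-B in the sample) from alerting.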