Security researchers noticed a recent malicious campaign using fake security updates to deploy Magniber ransomware on Windows devices.
After launch, the script injects malicious code into another process and uses it as a host to run further commands, such as deleting shadow copy files, disabling Windows’ backup and recovery features, and ultimately encrypting victims’ files.
Magniber cunningly bypasses User Account Control (UAC) to gain elevated privileges and run commands without alerting the victim. For this to work, the user must have an Administrator account or be a part of the Administrators group.
Once the malware gains admin privileges, it enumerates files on the compromised device, uses a list to cross-check their extensions, and encrypts matching documents. Once the encryption is finished, Magniber plants a ransom note in each directory that holds an encrypted file and displays it for the victim in a web browser.
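The ransom-note behaviour described above leaves a pattern a defender can look for: the same file name created in many directories within a short time. The following is an added example, not code from the original article or from any vendor. The event format, thresholds, allowlist and sample file names are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Names that legitimately appear in many folders (assumed allowlist; tune per environment).
BENIGN_NAMES = {"desktop.ini", "thumbs.db"}

def find_note_fanout(events, min_dirs=5, window=timedelta(minutes=10)):
    """Return {filename: directories} for names created in at least `min_dirs`
    distinct directories within `window`. `events` is (iso_timestamp, path) pairs."""
    by_name = defaultdict(list)
    for ts, path in events:
        p = PureWindowsPath(path)
        name = p.name.lower()
        if name not in BENIGN_NAMES:
            by_name[name].append((datetime.fromisoformat(ts), str(p.parent).lower()))
    hits = {}
    for name, seen in by_name.items():
        seen.sort()
        start, counts = 0, defaultdict(int)  # counts: directory -> creations in window
        for ts, directory in seen:
            counts[directory] += 1
            # Slide the window start forward until it spans at most `window`.
            while ts - seen[start][0] > window:
                old = seen[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            if len(counts) >= min_dirs:
                hits[name] = sorted(counts)
                break
    return hits

# Constructed sample file-creation events; not taken from a real incident.
DIRS = [r"C:\Users\ana\Documents", r"C:\Users\ana\Pictures", r"C:\Users\ana\Desktop",
        r"C:\Users\ana\Music", r"C:\Users\ana\Videos"]
SAMPLE_EVENTS = (
    [(f"2022-05-02T10:00:0{i}", d + r"\READ_ME_constructed.html") for i, d in enumerate(DIRS)]
    + [(f"2022-05-02T09:00:0{i}", d + r"\desktop.ini") for i, d in enumerate(DIRS)]   # allowlisted
    + [(f"2022-05-0{i + 1}T12:00:00", d + r"\notes.txt") for i, d in enumerate(DIRS)]  # spread over days
)

if __name__ == "__main__":
    print(find_note_fanout(SAMPLE_EVENTS))
```

Only the constructed note name is flagged: the allowlisted `desktop.ini` and the `notes.txt` files created days apart do not meet the threshold inside the time window.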
To mitigate Magniber attacks, users should refrain from downloading software updates from unknown sources, perform regular data backups (offline or cold backups are even better), and avoid using administrator accounts if they’re not needed.
Specialized software solutions like Bitdefender Ultimate Security, with its extensive range of features, can protect you against ransomware and other types of cybernetic threats:
- All-around 24/7 data protection against worms, viruses, Trojans, ransomware, spyware, rootkits, zero-day exploits and other types of e-threats
- Multi-layer ransomware protection that keeps your documents safe against all kinds of ransomware attacks
- Advanced Threat Defense module that closely monitors active apps and takes instant action upon detecting suspicious activity