Site icon TechNewsBoy.com

Ransomware posing as Windows antivirus update will just empty your wallet

A new strain of ransomware is posing as an update for Windows, forcing individual web users to pay roughly $2,500 in exchange for the safe return of their data.

These are the findings of an investigation by HP Wolf Security, whose experts discovered the Magniber ransomware being distributed in September this year via a website owned by the attackers.

The site entices victims to download a .ZIP archive, which holds a JavaScript file that masquerades as either an important antivirus or Windows 10 software update.

Silent encryption

Once the victim runs the file, Magniber does a couple of things, including running the ransomware in memory, bypassing User Account Control (UAC) in Windows (admin user privileges are needed) and using syscalls instead of standard Windows API libraries. All of these things allow Magniber to execute the encryption without raising alarms.

The malware also deletes shadow copy files and disables Windows’ backup and recovery features, to make sure victims have no other choice but to pay the ransom, or say goodbye to their files.

Usually, ransomware operators target companies, rather than individuals. By going after larger entities, they make sure that encrypting devices causes real damage, and forces organizations to pay the ransom demand. However, this does not make Magniber any less dangerous, or devastating, researchers are saying. 

As usual, users are urged to be careful what they download, and be suspicious of every email, text message, or phone number coming from and unknown sender. Experts are also warning users to keep their computers updated, and install antivirus programs, firewalls, and other security measures. Finally, users should not share their passwords and other authentication mechanisms with anyone, friends, family and co-workers included.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – abuse@technewsboy.com. The content will be deleted within 24 hours.
Exit mobile version