Magniber Ransomware embedded in fake Windows 10 updates

Russell Kidson


Windows 10 is no stranger to viruses, malware, and ransomware. But the latest widespread ransomware attack is turning out to be something particularly dangerous. A new breed of ransomware, known as Magniber, is targeting Windows 10 users and disguises itself as a software update.


The threat actors behind the Magniber ransomware use various names under which to distribute the malware, but the most commonly used titles seem to be Win10.0_System_Upgrade_Software.msi and Security_Upgrade_Software_Win10.0.msi. While these might be fairly easy for anyone with a working knowledge of computers to avoid, other sources point out that the threat actors are also using knowledge base articles to distribute the malware. 


According to submissions to VirusTotal, the Magniber ransomware campaign seems to have originated around the 8th of April 2022 and has gone global since then. We don’t have complete clarity on how exactly these fake Windows 10 updates are being promoted, but we do know that the downloads are primarily distributed from fake warez and crack websites. 

As soon as the ransomware is installed, it begins deleting shadow volume copies and will then encrypt your files. While it encrypts your files, it’ll also attach a random 8-character extension to them. One such example is .gtearevf. It also creates digital ransom notes, titled README.html, within each folder. The readme contains instructions on how to access the threat actor’s payment site using Tor in order to pay the ransom.
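The indicators described above (the two installer names, a README.html note in each folder, and files sharing one random 8-character extension) can be checked for with a short triage script. This is an added example, not code from the article or from any vendor; it assumes the extension is 8 lowercase letters as in .gtearevf, and the `min_files` threshold, the `KNOWN_EXTS` allowlist and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

# Lure installer names quoted in the article (compared case-insensitively).
LURE_NAMES = {
    "win10.0_system_upgrade_software.msi",
    "security_upgrade_software_win10.0.msi",
}
# Assumption: "random 8-character extension" means 8 lowercase letters (.gtearevf).
RANDOM_EXT = re.compile(r"\.([a-z]{8})$")
# Constructed allowlist of legitimate 8-letter extensions to cut false positives.
KNOWN_EXTS = {"markdown", "download"}
NOTE_NAME = "readme.html"


def scan_tree(root, min_files=3):
    """Return (lures, hit_dirs): lure installers found, and folders holding a
    README.html note plus >= min_files files sharing one 8-letter extension."""
    lures, hit_dirs = [], {}
    for dirpath, _dirs, files in os.walk(root):
        lures += [os.path.join(dirpath, f) for f in files if f.lower() in LURE_NAMES]
        if NOTE_NAME not in (f.lower() for f in files):
            continue  # no ransom note here, so extension matches alone are ignored
        exts = Counter(
            m.group(1) for f in files
            if (m := RANDOM_EXT.search(f)) and m.group(1) not in KNOWN_EXTS
        )
        if exts:
            ext, count = exts.most_common(1)[0]
            if count >= min_files:
                hit_dirs[dirpath] = (ext, count)
    return lures, hit_dirs


def demo():
    """Build a constructed sample tree (empty files only) and scan it."""
    samples = {
        "Documents": ["README.html", "a.docx.gtearevf", "b.xlsx.gtearevf",
                      "c.jpg.gtearevf", "Security_Upgrade_Software_Win10.0.msi"],
        "Projects": ["README.html", "index.html", "notes.markdown"],
    }
    with tempfile.TemporaryDirectory() as root:
        for folder, names in samples.items():
            os.makedirs(os.path.join(root, folder))
            for name in names:
                open(os.path.join(root, folder, name), "w").close()
        lures, hits = scan_tree(root)
        return ([os.path.basename(p) for p in lures],
                {os.path.basename(d): v for d, v in hits.items()})
```

A hit only says a folder matches the pattern the article describes; confirm with the file timestamps and the note's contents before acting on it.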

The payment site is titled ‘My Decryptor’ and allows users to decrypt one file for free. You can also contact ‘support’ and see the ransom amount in Bitcoin. As far as we have been able to dig, the general amount is usually around $2,500. The website also features a timer set for 5 days and a warning that if you don’t pay, some of your data will be published on the internet and sent to all your contacts. 

The tragic thing about this entire sordid enterprise is that it targets versions of Windows 10 used by general consumers and students, not enterprise versions for businesses. The ransom demand is exorbitant, to say the least, and unfortunately, there don’t seem to be any weaknesses or vulnerabilities to exploit in the ransomware.

In other Windows 10 security-related news, the BitRAT trojan malware is spreading across Windows 10 PCs using pirated versions of Windows 10. Also, here’s how to upgrade Windows to 11. The same interface is used for general Windows 10 updates. Do it by the book and avoid malware like Magniber.
