A recent analysis shows that Magniber ransomware has been targeting home users by masquerading as software updates.
Reports have shown a ransomware campaign isolated by HP Wolf Security in September 2022 saw Magniber ransomware spread. The malware is known as a single-client ransomware family that demands $2,500 from victims.
Remarkably , HP Wolf Security said, the attackers used clever techniques to evade detection, such as running the ransomware in memory, bypassing User Account Control (UAC) in Windows, and bypassing detection techniques that monitor user-mode hooks by using syscalls instead of standard Windows API libraries.
It appears that with the UAC bypass, the malware deletes the infected system’s shadow copy files and disables backup and recovery features, preventing the victim from recovering their data using Windows tools.
Having recently described the ransomware campaign in a recent interview, HP Wolf noted that the infection chain starts with a web download from an attacker-controlled website.
Furthermore, for Magniber to access and block files, it needs to be executed on a Windows account with administrator privileges – a level of access which is much more commonplace in personal systems.
“Consumers can protect themselves by following ‘least-privilege’ principles – only logging on with their administrator account when strictly needed, and creating another account for everyday use,” explained Schläpfer. “Users can also reduce risk by making sure updates are only installed from trusted sources, checking URLs to ensure official vendor websites are used, and backing up data regularly to minimize the impact of a potential data breach.”
To conclude, the company noted that this ransomware does not fall into the category of Big Game Hunting but can still cause significant damage.
“This is not a shift away from big game hunting, but rather demonstrates that not only enterprises are the focus of ransomware groups, but home users as well,” Schläpfer said.