The Magniber ransomware campaign has intensified since July 2024, targeting home users and encrypting devices globally. It demands large ransoms, ranging from $1,000 to $5,000, for decryption and is distributed via malicious software and key generators.
Magniber, which emerged in 2017 as a successor to the Cerber ransomware, has been distributed through various channels, including the Magnitude exploit kit.
This latest campaign marks a notable increase in activity, with the ransomware employing a mix of tactics to infiltrate and encrypt users’ devices, reports BleepingComputer.
The ransomware’s modus operandi involves several distribution methods: exploiting Windows zero-days, masquerading as legitimate Windows and browser updates, and utilising trojanised software cracks and key generators.
Unlike more extensive ransomware operations targeting large organisations, Magniber primarily focuses on individual users, especially those who download and run malicious software on their home or small business systems.
Since July 20, 2024, there has been a dramatic uptick in reported Magniber infections. Researchers have observed a sharp rise in victims seeking assistance through their forums, and ID Ransomware has recorded nearly 720 submissions related to Magniber in the same timeframe.

Victims typically encounter Magniber after executing software cracks or key generators, a method that researchers say is consistent with the group’s past ransomware tactics.
Once executed, Magniber encrypts files on the affected devices, appending a random 5-9 character extension (e.g., .oaxysw, .oymtk) to the encrypted files.
The ransomware then leaves a ransom note titled ‘READ_ME.htm’, which includes details about the encryption and directs victims to a Tor-based ransom site. Initial ransom demands are $1,000, escalating to $5,000 if payment is not made within three days.
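The two on-disk indicators described above (an appended 5-9 character extension and a READ_ME.htm note) can be checked with a short triage script. This is an added example, not code from the article or from the researchers it cites; it assumes the extension is lowercase letters only (as in the article's two samples) and follows the original extension, and the allowlist and threshold are constructed values.

```python
import os
import re
import tempfile
from collections import Counter

# Assumption: the appended extension is 5-9 lowercase letters, as in the
# article's examples (.oaxysw, .oymtk).
SUFFIX_RE = re.compile(r"^[a-z]{5,9}$")
NOTE_NAME = "READ_ME.htm"  # ransom note name given in the article
# Constructed allowlist of legitimate 5-9 letter extensions; extend as needed.
KNOWN_EXTS = {"sqlite", "config", "backup", "class", "plist", "torrent"}


def triage(root, min_files=3):
    """Map each directory where one unknown 5-9 letter extension was appended
    to at least min_files files to {"note": bool, "suffixes": {ext: count}}."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        counts = Counter()
        for name in files:
            parts = name.split(".")
            if len(parts) < 3:  # need name.original_ext.appended_ext
                continue
            suffix = parts[-1]
            if SUFFIX_RE.match(suffix) and suffix not in KNOWN_EXTS:
                counts[suffix] += 1
        hits = {s: n for s, n in counts.items() if n >= min_files}
        if hits:
            findings[dirpath] = {"note": NOTE_NAME in files, "suffixes": hits}
    return findings


def build_sample_tree(root):
    """Constructed sample data: one encrypted-looking directory, one clean."""
    tree = {"Documents": ["tax.xlsx.oaxysw", "cv.docx.oaxysw",
                          "photo.jpg.oaxysw", NOTE_NAME],
            "Projects": ["app.db.sqlite", "notes.v2.txt", "site.min.js"]}
    for sub, names in tree.items():
        os.makedirs(os.path.join(root, sub))
        for n in names:
            open(os.path.join(root, sub, n), "w").close()
    return os.path.join(root, "Documents"), os.path.join(root, "Projects")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, info in triage(tmp).items():
            print(directory, info)
```

A directory reported with "note": True and a single dominant suffix matches both indicators; a suffix hit without the note deserves a manual look before drawing conclusions.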
An earlier decryptor released by AhnLab in 2018 is no longer effective against current versions of Magniber, as the threat actors have patched the vulnerability that previously allowed for free decryption.
Researchers have urged users to avoid using software cracks and key generators, as these methods breach legal boundaries and serve as common vectors for malware distribution.