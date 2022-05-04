A new ransomware threat has been discovered, dubbed “Magniber” and masquerading as a fake windows 10 update. This is how it manages to trick users into downloading it.

The threat is still active, so Virus Total encourages Windows users to be cautious if they receive an update to their Windows. The ransomware currently targets normal users and students, not business customers, and the ransom demanded is moderate ($2,500, a lot for one person, but not much compared to other cheats of this style)

Ransomware what it is, how it infects and how to protect yourself

This is how it reaches the teams





For its part, Bleeping Computer claims that several readers told them that they had detected the Magniber infection on their systems after downloading the cumulative updates for Windows 10. These are distributed under various names, siendo Win10.0 _System_Upgrade_Software.msi and Security_Upgrade_Software_Win10.0.msi the most common. What is not known is how this ransonware manages to reach the user’s computer.

Suspicions point to the fact that they are spread through fakeware and sites that promote cracked software and then, upon reaching the target system, start encrypting the files, renaming them with the “gtearevf” extension. What is not known is how it becomes known. The user ends up finding a ransom note in the form of HTML “Readme” file in all your folders with instructions to recover files that the ransomware has modified.

The note also mentions that there are some “temporary” links, accessible without Tor, for the victim to download the “My Decryptor” decryption tool. Perhaps that is why he does not demand large ransoms.

To avoid getting infected with this ransomware, it is recommended, as usual, to avoid downloading cracked versions and to use only legitimate sites to download windows updates.