Attackers Use Fake Windows 10 Update To Spread Magniber Ransomware

Attackers use fake Windows 10 updates to spread the Magniber ransomware. Posts on VirusTotal showed that the attack began on April 8 and had since recorded a massive spread.

Magniber ransomware primarily targets students and consumers and not on corporate victims. The ransomware operators demand ransom, which is set at about $2,500 or 0.068 Bitcoins.

These malicious updates are distributed under various names, including Win10.0_System_ Upgrade_Software.msi and Security_Upgrade_Software_Win10.0.msi. The downloads for the fake Windows 10 updates are distributed from fake warez and crack sites.

Once the malicious updates are installed, the ransomware will delete shadow volume copies and then encrypt files.

When encrypting files, the ransomware also creates ransom note names README.html in each folder. The ransom note contains instructions on how to access the Magniber Tor payment site to pay a ransom.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web