You can check the latest ransomware information.
[ Magniber ransomware ]
[Virus/malware activity reported: Magniber ransomware]
Due to a breach believed to be in the form of Magniber ransomware,
we would like to confirm the situation and provide a warning as follows.
Ransomware name
Magniber Magniber
attack history
It is known as the successor to Cerber ransomware that appeared in 2017.
It is called Magniber ransomware and has the characteristic of operating mainly against Korean operating systems and Korean IP addresses. It continues to pose a threat and cause actual damage through diversification of attack distribution methods in 2022. .
Latest Attack Trends
Magniber ransomware continues to evolve its attack form from an infection medium in the form of a simple exe file.
Early onset
Ransomware in the form of an executable file is delivered to the user in the form of an email link or attachment so that when executed, an illegal file encryption attack is carried out.
Changes and current attack trends
Main attack technique – Fileless type using web browser vulnerabilities
When the web browser security vulnerability patch on the general user's PC is not properly patched, when the user converts part of the site address to download a Youtube video, or when the existing site address is entered incorrectly (Typosquatting method: URL hijacking or fake URL) (so-called) is spread by automatically carrying out a ransomware attack and infecting files.
[Figure 1 Example of Magniber infiltration and damage process through internet browser]
Main attack techniques – Attacks disguised as Windows-related essential programs
If the web browser vulnerability is patched, the Magniber ransomware file disguised as a Windows app (APPX), Windows installer (MSI), and Windows control panel-related files (CPL) is downloaded to the user's PC, without the user even suspecting it. After causing user error by using an incorrect file name and inducing click execution, damage is caused by infecting the user's files through an attack that takes advantage of various vulnerabilities within the ransomware file.
[Figure 2 MSI type Magniber operation method change situation]
Countermeasures and safety rules
Additional information on White Defender operating PC
Even if you have installed White Defender, if you use your PC without following the security rules, the chances of being infected with ransomware increase. There is no solution that can 100% prevent ransomware, but WhiteDefender is continuously working to prevent it 100%.