Ransomware Report

You can check the latest ransomware information.

title
Attack distribution method Changed Magniber ransomware trend
Registration date
2022-08-04
views
19041

[ Magniber ransomware ]

[Virus/malware activity reported: Magniber ransomware]

Due to a breach believed to be in the form of Magniber ransomware,
we would like to confirm the situation and provide a warning as follows.

Ransomware name

Magniber Magniber

attack history

It is known as the successor to Cerber ransomware that appeared in 2017.
It is called Magniber ransomware and has the characteristic of operating mainly against Korean operating systems and Korean IP addresses. It continues to pose a threat and cause actual damage through diversification of attack distribution methods in 2022. .

Latest Attack Trends

Magniber ransomware continues to evolve its attack form from an infection medium in the form of a simple exe file.

Early onset

Ransomware in the form of an executable file is delivered to the user in the form of an email link or attachment so that when executed, an illegal file encryption attack is carried out.

Changes and current attack trends

  • Main attack technique – Fileless type using web browser vulnerabilities

    When the web browser security vulnerability patch on the general user's PC is not properly patched, when the user converts part of the site address to download a Youtube video, or when the existing site address is entered incorrectly (Typosquatting method: URL hijacking or fake URL) (so-called) is spread by automatically carrying out a ransomware attack and infecting files.


    [Figure 1 Example of Magniber infiltration and damage process through internet browser]

  • Main attack techniques – Attacks disguised as Windows-related essential programs

    If the web browser vulnerability is patched, the Magniber ransomware file disguised as a Windows app (APPX), Windows installer (MSI), and Windows control panel-related files (CPL) is downloaded to the user's PC, without the user even suspecting it. After causing user error by using an incorrect file name and inducing click execution, damage is caused by infecting the user's files through an attack that takes advantage of various vulnerabilities within the ransomware file.


    [Figure 2 MSI type Magniber operation method change situation]

Countermeasures and safety rules

  • Personal data and work files, such as photos and videos, are regularly backed up in storage separate from the PC or uploaded to a cloud server.
  • Refrain from executing files attached to emails, even if they were sent by an acquaintance or are simple document files.
  • Be careful about clicking on messenger or text links or downloading files through torrents.
  • Install antivirus software, always keep it up to date, and keep your operating system and major programs you use updated.
  • Be especially careful when using programs such as Internet Explorer (IE) browser or Flash for which security patches have been discontinued, and periodically check and apply major security patches.

Additional information on White Defender operating PC

  • Always use the real-time monitoring function for Whitedefender backup/recovery function.
  • Compliance with basic security rules to prevent ransomware is essential. The basic environment for ransomware prevention is Windows 10 or higher and the use of Edge/Chrome browsers. If you use your PC in an environment with weak security, you need to pay more attention to backups.
  • Promise to support rapid response to new ransomware Currently, there are 110,000 customers and users using White Defender, and we quickly analyze new ransomware and support prevention through the latest updates.

Even if you have installed White Defender, if you use your PC without following the security rules, the chances of being infected with ransomware increase. There is no solution that can 100% prevent ransomware, but WhiteDefender is continuously working to prevent it 100%.

Watch Magniber blocking video

Everyzone White Defender Co., Ltd. | CEO: Seunggyun Hong|Business registration number: 220-81-67981
Copyright ⓒEveryzone , Inc. All Rights Reserved.|