- Feb 4, 2016
- 2,520
Magniber is a new ransomware being distributed by the Magnitude Exploit Kit that appears to be the successor to the Cerber Ransomware. While many aspects of the Magniber Ransomware are different than Cerber, the payment system and the files it encrypts are very similar.
Magniber was first discovered by security researcher Michael Gillespie when he saw victims uploading encrypted files and ransom notes to his ID-Ransomware site. Then, on October 16th, security researchers Kafeine, Joseph Chen, and malc0de discovered that the Magnitude exploit kit, which was previously the last distributor of Cerber, had begun to distribute a new ransomware that was specifically targeting South Korean victims.
Thus Magniber (Magnitude+Cerber) was born.
The good news is that this ransomware may be decryptable, so do not pay the ransomware without contacting us first. For anyone who is infected with this ransomware or wants to discuss the infection, we have a dedicated Magniber Ransom Support & Help Topic topic.
Many people, including myself, have analyzed this ransomware. I would like to thank Fabian Wosar, Jack, Joseph Chen, Kafeine, malc0de, & Michael Gillespie for their contributions to this article.
Magniber distributed via exploit kits
Kafeine and Joseph Chen discovered that Magniber is being distributed through malvertisements displayed by the Magnitude exploit kit that are specifically tageting users from South Korea. In a report by Trend Micro, fraud researcher Joseph Chen explains how the Magnitude exploit kit is currently focusing on victims in South Korea.
Magniber the succesor to Cerber?
While victims are still submitting reports to ID-Ransomware, since mid September, Cerber has almost gone silent with no major distribution campaigns underway. Kafeine then noted that the Magnitude exploit kit was the last distributor that he knew of for Cerber, which had also stopped distribution in September as well.
Suddenly, Magnitude, the last known distributor of Cerber, begins to distribute another ransomware that has the exact same payment site as Cerber. While this does not mean that Magniber shares the same code base, which I do not believe it does, it may be possible that the payment system was migrated to Magniber.
How to protect yourself from the Magniber Ransomware
In order to protect yourself from Magniber, or from any ransomware, it is important that you use good computing habits and security software. First and foremost, you should always have a reliable and tested backup of your data that can be restored in the case of an emergency, such as a ransomware attack.
You should also have security software that contains behavioral detections such as Emsisoft Anti-Malware, Malwarebytes, or HitmanPro.Alert.
Last, but not least, make sure you practice the following good online security habits, which in many cases are the most important steps of all:
For a complete guide on ransomware protection, you visit our How to Protect and Harden a Computer against Ransomware article.
- Backup, Backup, Backup!
- Do not open attachments if you do not know who sent them.
- Do not open attachments until you confirm that the person actually sent you them,
- Scan attachments with tools like VirusTotal.
- Make sure all Windows updates are installed as soon as they come out! Also make sure you update all programs, especially Java, Flash, and Adobe Reader. Older programs contain security vulnerabilities that are commonly exploited by malware distributors. Therefore it is important to keep them updated.
- Make sure you use have some sort of security software installed.
- Use hard passwords and never reuse the same password at multiple sites.