Goodbye Cerber? Hello Magniber Ransomware (distribution via exploit kits)!

LASER_oneXM

Magniber is a new ransomware being distributed by the Magnitude Exploit Kit that appears to be the successor to the Cerber Ransomware. While many aspects of the Magniber Ransomware are different than Cerber, the payment system and the files it encrypts are very similar.

Magniber was first discovered by security researcher Michael Gillespie when he saw victims uploading encrypted files and ransom notes to his ID-Ransomware site. Then, on October 16th, security researchers Kafeine, Joseph Chen, and malc0de discovered that the Magnitude exploit kit, which was previously the last distributor of Cerber, had begun to distribute a new ransomware that was specifically targeting South Korean victims.

Thus Magniber (Magnitude+Cerber) was born.

The good news is that this ransomware may be decryptable, so do not pay the ransom without contacting us first. For anyone who is infected with this ransomware or wants to discuss the infection, we have a dedicated Magniber Ransom Support & Help Topic.

Many people, including myself, have analyzed this ransomware. I would like to thank Fabian Wosar, Jack, Joseph Chen, Kafeine, malc0de, & Michael Gillespie for their contributions to this article.

Magniber distributed via exploit kits
Kafeine and Joseph Chen discovered that Magniber is being distributed through malvertisements displayed by the Magnitude exploit kit that are specifically targeting users from South Korea. In a report by Trend Micro, fraud researcher Joseph Chen explains how the Magnitude exploit kit is currently focusing on victims in South Korea.

Magniber the successor to Cerber?
While victims are still submitting reports to ID-Ransomware, since mid-September, Cerber has almost gone silent with no major distribution campaigns underway. Kafeine then noted that the Magnitude exploit kit was the last distributor that he knew of for Cerber, which had also stopped distribution in September.

Suddenly, Magnitude, the last known distributor of Cerber, begins to distribute another ransomware that has the exact same payment site as Cerber. While this does not mean that Magniber shares the same code base, which I do not believe it does, it may be possible that the payment system was migrated to Magniber.

How to protect yourself from the Magniber Ransomware
In order to protect yourself from Magniber, or from any ransomware, it is important that you use good computing habits and security software. First and foremost, you should always have a reliable and tested backup of your data that can be restored in the case of an emergency, such as a ransomware attack.

You should also have security software that contains behavioral detections such as Emsisoft Anti-Malware, Malwarebytes, or HitmanPro.Alert.

Last, but not least, make sure you practice the following good online security habits, which in many cases are the most important steps of all:

  • Backup, Backup, Backup!
  • Do not open attachments if you do not know who sent them.
  • Do not open attachments until you confirm that the person actually sent them to you.
  • Scan attachments with tools like VirusTotal.
  • Make sure all Windows updates are installed as soon as they come out! Also make sure you update all programs, especially Java, Flash, and Adobe Reader. Older programs contain security vulnerabilities that are commonly exploited by malware distributors. Therefore it is important to keep them updated.
  • Make sure you have some sort of security software installed.
  • Use hard passwords and never reuse the same password at multiple sites.
For a complete guide on ransomware protection, you can visit our How to Protect and Harden a Computer against Ransomware article.
 

vemn

Any idea how well the enterprise products are doing against this?
Hope to see samples surfacing too!
 

tim one

Any idea how well the enterprise products are doing against this?
Hope to see samples surfacing too!
Enterprise products should be ready (I hope), but the problem is that it depends on how much the company invests in safety management, staff training and, above all, on backup policy.
 
