Magniber

Distribution of Magniber Ransomware Stops (Since August 25th)

Through a continuous monitoring process, AhnLab Security Emergency response Center (ASEC) is swiftly responding to Magniber, the main malware that is actively being distributed using the typosquatting method which abuses typos in domain addresses. After the blocking rules of the injection technique used by Magniber were distributed, ASEC published a post about the relevant information on August 10th. Subsequently, the number of cases diminished as the creator of Magniber conducted various detection bypass tests, and as of August 25th, the…

V3 Detects and Blocks Magniber Ransomware Injection (Direct Syscall Detection)

The Magniber ransomware is consistently being distributed at high volumes. It has been distributed through the IE (Internet Explorer) vulnerability for the past few years but stopped exploiting the vulnerability after the support for the browser ended. Recently, the ransomware is distributed with filenames disguised as a Windows security update package (e.g. ERROR.Center.Security.msi) in Edge and Chrome browsers. Magniber at the moment injects the ransomware into a running process, having this process cause damage by encrypting the user’s files. This post…

Threat Trend Report on Ransomware – March 2023

This report provides statistics on new ransomware samples, attacked systems, and targeted businesses in March 2023, as well as notable ransomware issues in Korea and overseas. Other major issues and statistics for ransomware that are not mentioned in the report can be found by searching for the following keywords or via the statistics menu at AhnLab Threat Intelligence Platform (ATIP). Ransomware Statistics by Type The number of ransomware samples and targeted systems are based on the aliases designated by AhnLab,…

Threat Trend Report on Region-Specific Ransomware

Background Currently, ransomware creators include individuals, cyber criminal gangs and state-supported groups. Out of these individuals and groups, cyber criminal gangs are the most proactive in ransomware development, while individuals and state-supported groups are less so. Privately developed ransomware is most often for research purposes with the intention of destroying data. Some state-sponsored threat groups also develop ransomware. The purpose of these cases is not for financial gain either but for data destruction, and Wipers, which do not allow recovery,…

Magniber Ransomware’s Relaunch Technique

ASEC (AhnLab Security Emergency Response Center) has been constantly monitoring the Magniber ransomware which has been displaying a high number of distribution cases. It has been distributed through the IE (Internet Explorer) vulnerability for the past few years, but stopped exploiting the vulnerability after the support for the browser ended. Recently, the ransomware is distributed as a Windows installer package file (.msi) in Edge and Chrome browsers. There have been recent reports of systems being reinfected by Magniber. Analysis revealed…