New research demonstrates that the Magniber ransomware has been targeting home users by disguising itself as software updates. Magniber was used in a campaign isolated by HP Wolf Security this fall. The malware is described as a single-client ransomware family that typically demands $2500 from its victims. Magniber is primarily spread through MSI and EXE files; however, it has recently been distributed via JavaScript files.
HP Wolf Security stated that the attackers leveraging Magniber have been deploying techniques to evade detection. These include running the ransomware in memory, bypassing User Account Control in Windows, and using syscalls to bypass detection techniques that monitor user-mode hooks. HP Wolf Security stated that the malware uses JavaScript because it typically requires less user interaction than HTML smuggling or other versions.
Read More: Magniber Ransomware Adopts JavaScript to Attack Individual Users