Beware: Magniber ransomware now spreading via fake malicious Windows updates


The Magniber ransomware, which has been around for a while, is apparently spreading via fake Windows 10 updates in its latest campaign. Back in 2021, the Magniber threat actors were using the PrintNightmare exploit to infect victims, and more recently, in January 2022, the ransomware was spreading via Microsoft Edge and Chrome.

This new report comes via BleepingComputer, which noticed a lot of user reports regarding this new infection that seems to be affecting people worldwide. The malicious updates pretend to be real, and some of them even have fake knowledge base (KB) IDs attached to them. Here are some of these fake malicious updates:

  • Win10.0_System_Upgrade_Software.msi
  • Security_Upgrade_Software_Win10.0.msi
  • System.Upgrade.Win10.0-KB47287134.msi
  • System.Upgrade.Win10.0-KB82260712.msi
  • System.Upgrade.Win10.0-KB18062410.msi
  • System.Upgrade.Win10.0-KB66846525.msi

These malicious updates are being spread via warez and piracy websites. Here is one such example:

Magniber ransomware distribution site

Once the malicious files are installed, they delete the volume shadow copy backups of the encrypted drives and create a "README" HTML file that contains the ransom note (shown in the image on the right side):

Magniber ransomware encrypted files and a README ransom notes
Magniber ransomware notes inside README file

On the ransomware payment site, the threat actors ask the victims to pay up around $2,600 or 0.068 bitcoins (BTC), and the ransom is set to double if five days go without payment.

Magniber ransom demand

To protect yourself from such a campaign, avoid unofficial sources for Windows updates and install them directly through your settings. You can also look for standalone updates on the Microsoft Update Catalog website.
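For defenders who want to check endpoints for the installer names listed above, here is an added example (not from BleepingComputer or the original article): a small Python hunt that flags those names in process command lines. The host names, sample log lines, the KB-number generalisation and the look-alike heuristic are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Installer names listed in the article, compared case-insensitively.
KNOWN_NAMES = {n.lower() for n in (
    "Win10.0_System_Upgrade_Software.msi",
    "Security_Upgrade_Software_Win10.0.msi",
    "System.Upgrade.Win10.0-KB47287134.msi",
    "System.Upgrade.Win10.0-KB82260712.msi",
    "System.Upgrade.Win10.0-KB18062410.msi",
    "System.Upgrade.Win10.0-KB66846525.msi",
)}
# Assumption: the same naming scheme reused with a different KB number.
KB_VARIANT = re.compile(r"^system\.upgrade\.win10\.0-kb\d+\.msi$")
# Assumption (heuristic): any .msi posing as a Windows 10 update or upgrade.
LOOKALIKE = re.compile(r"^(?=.*win10)(?=.*(?:upgrade|update|kb\d+)).*\.msi$")
# Extracts quoted or bare .msi paths from a command line.
MSI_PATH = re.compile(r'"([^"]+\.msi)"|(\S+\.msi)\b', re.IGNORECASE)

def classify(path):
    # Returns 'known', 'variant', 'lookalike' or None for one file path.
    name = PureWindowsPath(path).name.lower()
    if name in KNOWN_NAMES:
        return "known"
    if KB_VARIANT.match(name):
        return "variant"
    return "lookalike" if LOOKALIKE.match(name) else None

def hunt(events):
    """events: iterable of (host, command_line); returns (host, file, verdict)."""
    hits = []
    for host, cmdline in events:
        for quoted, bare in MSI_PATH.findall(cmdline):
            path = quoted or bare
            verdict = classify(path)
            if verdict:
                hits.append((host, PureWindowsPath(path).name, verdict))
    return hits

# Constructed process-creation events (hosts and paths are made up).
SAMPLE_EVENTS = [
    ("WS-014", r'msiexec.exe /i "C:\Users\bob\Downloads\System.Upgrade.Win10.0-KB47287134.msi" /qn'),
    ("WS-022", r'msiexec /i C:\Temp\system.upgrade.win10.0-kb12345678.MSI'),
    ("WS-031", r'msiexec.exe /i "D:\tools\archiver-x64.msi"'),
    ("WS-051", r'msiexec /i "C:\Users\eve\Desktop\Win10_Security_Update.msi"'),
]

if __name__ == "__main__":
    print(*hunt(SAMPLE_EVENTS), sep="\n")
```

A "known" or "variant" hit matches the naming in this report; a "lookalike" hit is only a lead that needs manual review.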

Source and images: BleepingComputer


Edit: Inserted the correct image for the distribution website.
