Magician RSWware Ransomware

By GoldSparrow in Ransomware

The Magician RSWware Ransomware is an encryption ransomware Trojan designed to compromise the victims' files, taking them hostage in exchange for a ransom. The Magician RSWware Ransomware was first observed on May 24, 2018. PC security researchers received information about the Magician RSWware Ransomware due to its connection with Silk Road, an underground market on the Dark Web that is used to sell drugs and weapons, and where criminals often offer services ranging from cyber-crimes to even assassinations. The Magician RSWware Ransomware received attention because the Bitcoin wallet used for its ransom payments is the same as a Bitcoin wallet that was seized by the FBI when it raided Silk Road and took down its assets.

How the Magician RSWware Ransomware Infects a Computer

There is virtually no difference between the Magician RSWware Ransomware and the many other encryption ransomware Trojans that are active today. The Magician RSWware Ransomware seems to be based on HiddenTear, an open source ransomware engine that uses AES and RSA encryption to make the victims' data inaccessible. The Magician RSWware Ransomware will target the user-generated files in its attack, which may include files with the following extensions:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

Once the Magician RSWware Ransomware has encrypted the victim's files, the victim will not be able to access these files. Computer users should not reward the Magician RSWware Ransomware by paying the ransom it asks for. Although the majority of ransomware Trojans demand a ransom, it is especially clear that the Magician RSWware Ransomware attack itself is a joke, since the wallet address used for the payments is controlled by the FBI.

The Magician RSWware Ransomware Ransom Note

Victims of the Magician RSWware Ransomware attack will notice a text file appearing on their desktops. The Magician RSWware Ransomware ransom note takes the form of a text file named 'README.txt,' as well as an image that replaces the victim's desktop image. The full message in the Magician RSWware Ransomware's ransom note reads:

'Feel the Wrath of the Magician
Now make me rich!
Send 0.033 BTC to 1F1tAaz5x1HUXrCNLbtMDqcw6o5GNn4xqX
Use any service for sending the bitcoin
Also, please email me after you have completed payment with your bitcoin address: magicman22@protonmail.ch'

The Magician RSWware Ransomware ransom, close to 250 USD, should not be paid, and it is advised to refrain from contacting the email address included in the Magician RSWware Ransomware message.
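A triage check for the note described above, added here as an example and not taken from the original write-up: it walks a directory tree and flags 'README.txt' files whose text contains at least two of the strings quoted in the ransom note. The size cap, the two-indicator threshold and the UTF-16 handling are assumptions chosen for illustration.

```python
import os
import re

# Indicators copied from the ransom note quoted on this page (lowercased for matching).
INDICATORS = {
    "phrase": "feel the wrath of the magician",
    "wallet": "1f1taaz5x1huxrcnlbtmdqcw6o5gnn4xqx",
    "email": "magicman22@protonmail.ch",
    "amount": "0.033 btc",
}
NOTE_NAME = "readme.txt"   # note file name given on this page
MAX_BYTES = 64 * 1024      # assumption: a ransom note is small; skip large READMEs
MIN_HITS = 2               # assumption: require two indicators before flagging


def match_note(text):
    """Return sorted indicator names found in text, ignoring case and spacing."""
    norm = re.sub(r"\s+", " ", text).lower()
    return sorted(name for name, needle in INDICATORS.items() if needle in norm)


def scan_tree(root):
    """Walk root; return {path: hits} for README.txt files that look like the note."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() != NOTE_NAME:
                continue
            path = os.path.join(dirpath, fname)
            try:
                if os.path.getsize(path) > MAX_BYTES:
                    continue
                with open(path, "rb") as fh:
                    raw = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            # Assumption: text files on Windows may be UTF-16; detect by BOM.
            enc = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8"
            hits = match_note(raw.decode(enc, errors="replace"))
            if len(hits) >= MIN_HITS:
                findings[path] = hits
    return findings


if __name__ == "__main__":
    # Constructed sample: lines from the note on this page with altered spacing.
    sample = "Feel the  Wrath of the Magician\nSend 0.033 BTC to 1F1tAaz5x1HUXrCNLbtMDqcw6o5GNn4xqX"
    print(match_note(sample))
```

A flagged path is a lead for investigation on that host, not proof of infection; an ordinary README.txt that quotes this report would also match.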

Protecting Your Data from Threats Like the Magician RSWware Ransomware

If the Magician RSWware Ransomware has compromised your data, take steps to ensure that you can recover files affected by the attack. Since the Magician RSWware Ransomware uses highly effective encryption, which cannot be undone directly, the best protection against threats like the Magician RSWware Ransomware is to have file backups, either in the cloud or on an external memory device. Having backup copies of your files means that you do not need to contact the criminals or negotiate for your files (which almost never results in the return of the lost data). Apart from file backups, PC security researchers strongly advise computer users to install a reliable security program that is kept up to date and to use common sense when browsing the Web.
