Magniber Ransomware
Threat Scorecard
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
Ranking: 7,413
Threat Level: 100 % (High)
Infected Computers: 664
First Seen: October 25, 2017
Last Seen: May 22, 2023
OS(es) Affected: Windows
The Magniber Ransomware is the new name of the Cerber Ransomware, and the first samples of the threat were discovered on October 14th, 2017. However, the Magniber Ransomware is more than a new name for the old and familiar Cerber Ransomware: the rename is only one of many changes to the Cerber platform. Cybersecurity experts warn that the Magniber Ransomware is offered to third parties as a RaaS (Ransomware as a Service) platform, the same way as its predecessor. The new package includes all the core functionality that made Cerber one of the cornerstones of today's crypto-threat market. The core of the Magniber Ransomware Trojan has been rebuilt, and there is a brand-new client-server confirmation along with improved file encryption algorithms. The creators of the Magniber Ransomware continue to use a broad spectrum of methods to distribute the Trojan to potential victims, such as:
- Macro-enabled Microsoft Word documents;
- Fake package confirmation letters from Amazon;
- Compromised RDP (Remote Desktop Protocol) connections;
- Boobytrapped pirated software.
The Magniber Ransomware is reported to have claimed its first victims on the Korean peninsula and in South-East Asia. The name of the Magniber Ransomware Trojan is derived from the fact that its first official release was facilitated using the Magnitude Exploit Kit. The attacks using the Magniber Ransomware are highly targeted, and the Trojan might be used in spear phishing attacks on large and medium-sized businesses. The initial Magniber Ransomware campaign is known to extort 0.2 Bitcoin, worth 1129 USD/960 EUR, from compromised users. The Magniber Ransomware is designed to run on the latest versions of Windows and to affect images, presentations, text, eBooks, databases, videos, music, spreadsheets and contact lists. The Magniber Ransomware appends a sequence of seven random characters to the file names of the encrypted objects. For example, 'Canada lynx.jpeg' may be renamed to 'Canada lynx.jpeg.nxpqwup', and users can find 'READ_ME_FOR_DECRYPT.txt' on the desktop, which contains the following message:
'ALL Y0UR D0CUMENTS, PHOTOS, DATABASES AND OTHER IMP0RTANT FILES HAVE BEEN ENCRYPTED!
===
Your files are NOT damaged! Your files are modified only. This modification is reversible.
The only 1 way to decrypt your files is to receive the private key and decryption program.
Any attempts to restore your files with the third-party software will be fatal for your files!
===
To receive the private key and decryption program follow the instructions below:
1. Download "Tor Browser" from https://www.torproject.org/ and install it.
2. In the "Tor Browser" open your personal page here:
xxxx://27dh6y1kyr49yjhx8i3.yhicav6vkj427eox.onion/N3ii3Ne9010*****
Note! This page is available via "Tor Browser" only.
===
Also you can use temporary addresses on your personal page without using "Tor Browser":
xxxx://27dh6y1kyr49yjhx8i3.sayhere.party/N3ii3Ne9010*****
xxxx://27dh6y1kyr49yjhx8i3.goflag.webcam/N3ii3Ne9010*****
xxxx://27dh6y1kyr49yjhx8i3.keysmap.trade/N3ii3Ne9010*****
xxxx://27dh6y1kyr49yjhx8i3.segon.racing/N3ii3Ne9010*****
Note! These are temporary addresses! They will be available for a limited amount of time!'
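A triage sketch for the two file-system indicators described above: the READ_ME_FOR_DECRYPT.txt note and a seven-character suffix appended after the original extension. This is an added example, not code from this page or from any vendor tool; the lowercase-letter character set, the extension lists, the `min_hits` threshold and the idea that one host's files share a single suffix are assumptions, and the sample paths are constructed.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

NOTE_NAME = "read_me_for_decrypt.txt"  # ransom note name from the page, lowercased
# Seven lowercase letters, as in the page's '.nxpqwup' example (character set assumed).
APPENDED = re.compile(r"\.[a-z]{7}")
# Extensions for the file types the page lists (assumed, partial list).
KNOWN_EXTS = {".jpeg", ".jpg", ".png", ".docx", ".xlsx", ".pptx", ".pdf",
              ".txt", ".epub", ".sql", ".mp3", ".mp4"}
# Benign seven-letter extensions that would otherwise match (assumed list).
BENIGN = {".torrent", ".partial", ".desktop"}

def triage(paths, min_hits=3):
    """Return (note_paths, {suffix: count}) for suffixes on >= min_hits files."""
    notes, counts = [], Counter()
    for raw in paths:
        p = PureWindowsPath(raw)
        if p.name.lower() == NOTE_NAME:
            notes.append(raw)
            continue
        exts = p.suffixes
        if (len(exts) >= 2 and APPENDED.fullmatch(exts[-1])
                and exts[-1] not in BENIGN and exts[-2].lower() in KNOWN_EXTS):
            counts[exts[-1]] += 1
    # Assumption: one host's files share a single appended suffix, so isolated
    # matches are dropped and only repeated suffixes are reported.
    return notes, {s: n for s, n in counts.items() if n >= min_hits}

# Constructed file listing for illustration, not taken from a real host.
SAMPLE = [
    r"C:\Users\kim\Desktop\READ_ME_FOR_DECRYPT.txt",
    r"C:\Users\kim\Pictures\Canada lynx.jpeg.nxpqwup",
    r"C:\Users\kim\Documents\budget.xlsx.nxpqwup",
    r"C:\Users\kim\Documents\thesis.docx.nxpqwup",
    r"C:\Users\kim\Downloads\movie.mp4.torrent",
    r"C:\Users\kim\Downloads\setup.pdf.partial",
    r"C:\Users\kim\Documents\notes.txt",
]

if __name__ == "__main__":
    notes, flagged = triage(SAMPLE)
    print("ransom notes:", notes)
    print("suspicious suffixes:", flagged)
```

A ransom note together with a repeated suffix is a stronger signal than either alone; feed the function a recursive listing of user profile directories taken from a forensic image or a live-response collection.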
PC users who may have been compromised by the Magniber Ransomware should not expect the native recovery function of Windows to remain usable. Unfortunately, the Magniber Ransomware Trojan has been observed deleting the Shadow Volume Copies created by the system for recovery purposes. You should be able to use recovery images made with third-party tools and access cloud-based storage with archived data, if you have any. Compliance with the terms laid out by the Magniber Ransomware operators does not necessarily translate to a favorable outcome. Cybersecurity experts recommend that users install a capable backup manager and purge the Magniber Ransomware using a trusted anti-malware scanner. AV engines are known to recognize the objects utilized by the Magniber Ransomware and flag them as:
- Trojan.Ransom.Magniber.C
- Trojan/Win32.Sobnot.R210740
- Win32:Magniber-A [Ransom]
- TR/Crypt.XPACK.Gen
- W32/Filecoder_Cerber.Z!tr
- Ransom_Sobnot.R03BC0DJJ17
- Trojan-Ransom.Win32.Magni.a

File System Details
# | File Name | MD5 | Detections |
---|---|---|---|
1. | file.exe | 59ef984c16a5c1723d9958fbeb1b7450 | 0 |
2. | file.exe | 617230c31822e65e9c5805665deb81c4 | 0 |
3. | 72fce87a976667a8c09ed844564adc75 | 72fce87a976667a8c09ed844564adc75 | 0 |