
Ransomware Attacks Leveraging Magnitude EK On The Rise In APAC Region

Cybersecurity experts have uncovered a new malvertising campaign targeting the Asia-Pacific region, spreading ransomware through the use of the Magnitude EK, a notorious exploit kit that has been around for at least seven years.

Magnitude EK was first offered for sale on underground forums as early as 2013, before becoming a private exploit kit, making it one of the oldest active threats of its kind. Exploit kits such as the Magnitude EK are automated threats that are used by hackers for compromising websites, diverting traffic, scanning for vulnerabilities in browser-based applications, and delivering malware threats.

In the case of the Magnitude EK, it delivers its own ransomware payload. The ransomware comes packed with a temporary decryption key and a list of domain names that the attackers change frequently. It doesn't encrypt files in common folders such as app data, documents and settings, sample music, local settings, etc.



Before encryption, the ransomware checks the extensions of files against a hash table of allowed file extensions, containing 715 entries. After the ransomware encrypts the targeted files, it drops a ransom note in each folder containing encrypted data and uses a notepad.exe process to display it to the victim. Furthermore, researchers say that the ransomware attempts to find and delete any backups of the encrypted data.
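Detection logic for the note-dropping behavior described above, as an added example that is not from the original article or the researchers: it flags a process that writes the same file name into many folders and raises the severity when notepad.exe later opens a file with that name. The event tuple format, the note name README_EXAMPLE.txt, the PIDs and the folder threshold are all constructed assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample telemetry (not real logs): (pid, action, target)
SAMPLE_EVENTS = [
    (4120, "file_create", r"C:\Users\a\Desktop\README_EXAMPLE.txt"),
    (4120, "file_create", r"C:\Users\a\Pictures\README_EXAMPLE.txt"),
    (4120, "file_create", r"C:\Users\a\Videos\README_EXAMPLE.txt"),
    (4120, "file_create", r"D:\Shares\Finance\README_EXAMPLE.txt"),
    (988, "file_create", r"C:\Repo\a\README.md"),
    (988, "file_create", r"C:\Repo\b\README.md"),
    (4120, "process_start", r"notepad.exe C:\Users\a\Desktop\README_EXAMPLE.txt"),
    (2200, "process_start", r"notepad.exe C:\Users\a\todo.txt"),
]


def find_note_fanout(events, min_dirs=3):
    """Return alerts for a file name written to many folders by one process."""
    dirs_by_note = defaultdict(set)  # (pid, lowercased file name) -> folders
    shown = set()                    # note names later opened in notepad.exe
    for pid, action, target in events:
        if action == "file_create":
            p = PureWindowsPath(target)
            dirs_by_note[(pid, p.name.lower())].add(str(p.parent).lower())
        elif action == "process_start":
            image, _, arg = target.partition(" ")
            if PureWindowsPath(image).name.lower() == "notepad.exe" and arg:
                name = PureWindowsPath(arg.strip('"')).name.lower()
                # Count the display step only if the fan-out came first
                if any(n == name and len(d) >= min_dirs
                       for (_, n), d in dirs_by_note.items()):
                    shown.add(name)
    alerts = []
    for (pid, name), dirs in sorted(dirs_by_note.items()):
        if len(dirs) >= min_dirs:
            alerts.append({"pid": pid, "note": name, "folders": len(dirs),
                           "severity": "high" if name in shown else "medium"})
    return alerts


if __name__ == "__main__":
    for alert in find_note_fanout(SAMPLE_EVENTS):
        print(alert)
```
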

Threats like the Magnitude EK usually rely on software vulnerabilities to infect their victims. One of the best ways to protect yourself from such threats is to update the software and operating systems of your devices regularly. Storing backups is another basic step that can be taken against ransomware attacks, especially when it comes to businesses and government institutions.
