Magniber ransomware has been upgraded to target Windows 11 machines, according to cybersecurity software provider 360 Total Security.
Writing in a blog post, the company said the attack volume of the ransomware increased significantly since May 25, and some of its dissemination package names have been updated, including a ‘win10-11_system_upgrade_software.msi’ file.
While the ransomware itself hasn’t changed much, the fact that it can now infect multiple versions of Windows operating systems would be behind the increase in infections, reported 360 Total Security.
For context, Magniber infects machines thanks to an attack vector that looks like a Windows update. These malicious files are commonly found in downloads from forums, cracked software and fake porn websites.
Once downloaded and executed, the ransomware uses the RSA+AES to encrypt files, in which RSA uses 2048 bits.
According to 360 Total Security, every victim is shown an independent payment page where they are asked to pay a ransom of 0.09 Bitcoin (currently $2,848) within five days, or the ransom will be doubled.
If the ransom is not paid within an unspecified amount of time, the link will reportedly become invalid.
Magniber infected a considerable number of machines earlier this year, but the malware has been previously spotted in the wild as early as 2017.
In fact, in September that year, a number of Korean systems were targeted by Magniber, and a few months later, the group behind the malicious software was involved in a feud with rival cyber-criminals.
More broadly, ransomware attacks have been multiplication over the last couple of years, with figures from Sophos’ State of Ransomware 2022 report showing that two-thirds (66%) of organizations were hit by a ransomware attack in 2021, a surge of 37% when compared to the same period in 2020.
Source: www.infosecurity-magazine.com