Ransomware may be used as a Windows antivirus update, thus you can just empty your wallet

Ransomware may be used as a Windows antivirus update, thus you can just empty your wallet ...

A new strain of ransomware is posing as a Windows update, forcing individual web users to pay roughly $2,500 in exchange for a secure return of their data.

These are the results of an investigation by HP Wolf Security, whose experts discovered the Magniber ransomware was being distributed in September this year via a website owned by the attackers.

The site encourages victims to download a.ZIP archive, which contains a JavaScript file that is classified as either a reliable antivirus or a Windows 10 software update.

Silent encryption

Magniber does a variety of things: running the ransomware in memory, bypassing User Account Control (UAC) in Windows (admin user privileges are required) and using syscalls instead of standard Windows API libraries. All of these things allow Magniber to execute the encryption without raising alarms.

The malware also removes shadow copy files and disables Windows backup and recovery capabilities, to ensure victims have no other choice than to pay the ransom or say goodbye to their files.

The operators of ransomware tend to be targeted rather than individuals, but by taking care of larger companies, they make sure that encrypting devices cause real damage, and forces organizations to pay the ransom demand. Magniber is however not less dangerous or devastating, as scientists warn.

Users are encouraged to be patient about what they download, and be sensitive to any email, text, or phone number from the recipient, as well as other security measures. Finally, users should not share their passwords or other authentication mechanisms with anyone, friends, family and coworkers.