360 Security Center analysts have discovered a new version of Magniber ransomware targeting systems running Windows 11. On May 25, the volume of attacks using Magniber increased significantly, according to experts.
Ransomware is distributed through several online platforms, pirated software sites, fake pornographic sites, etc. When a user visits a fake site, the attackers try to force the victim to download a malicious file from their network drives.
According to the researchers, the ransomware has not changed much, but now it can infect multiple versions of Windows. To encrypt victim files, the program uses the RSA and AES encryption algorithms. The RSA algorithm is 2048 bits long, which makes Magniber hard to crack. After encryption, the file suffix becomes random, and a separate payment page opens for each victim. The ransom cost is 0.09 BTC for the first five days. If the ransom is not paid within the specified time, the payment page will become invalid and the ransom value will double.
According to security researchers, there is no secure decryptor for this ransomware. In addition, experts are not yet aware of the weak points of the malware that can reverse the infection.
Magniber is aimed at ordinary users, not at companies, so experts recommend that users remain vigilant, do not download pirated software, and use only official sites.
Recall that this is the second case in two months when Magniber attacks Windows users. In April, attackers used fake Windows 10 updates to spread malware.