Ransomware posing as Windows antivirus update will just empty your wallet

Be careful where you get your updates from

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A new strain ofransomwareis posing as an update for Windows, forcing individual web users to pay roughly $2,500 in exchange for the safe return of their data.

These are the findings of an investigation byHPWolf Security, whose experts discovered the Magniber ransomware being distributed in September this year via a website owned by the attackers.

The site entices victims to download a .ZIP archive, which holds aJavaScriptfile that masquerades as either an importantantivirusorWindows 10software update.

Silent encryption

Once the victim runs the file, Magniber does a couple of things, including running the ransomware in memory, bypassing User Account Control (UAC) in Windows (admin user privileges are needed) and using syscalls instead of standard Windows API libraries. All of these things allow Magniber to execute the encryption without raising alarms.

Themalwarealso deletes shadow copy files and disables Windows’backupand recovery features, to make sure victims have no other choice but to pay the ransom, or say goodbye to their files.

This new Royal ransomware is already asking for millions>Is Internap trying to conceal the full effects of a ransomware attack?>Our list of the best endpoint protection services around

Usually, ransomware operators target companies, rather than individuals. By going after larger entities, they make sure that encrypting devices causes real damage, and forces organizations to pay the ransom demand. However, this does not make Magniber any less dangerous, or devastating, researchers are saying.

As usual, users are urged to be careful what they download, and be suspicious of every email, text message, or phone number coming from and unknown sender. Experts are also warning users to keep their computers updated, and install antivirus programs,firewalls, and other security measures. Finally, users should not share their passwords and other authentication mechanisms with anyone, friends, family and co-workers included.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)