Magniber ransomware campaign targets home users worldwide

Surge in Magniber Ransomware Attacks Impacts Home Users Worldwide

A massive Magniber ransomware campaign is underway, encrypting devices worldwide and demanding thousand-dollar ransoms to receive a decryptor. The operation launched in 2017 as Cerber’s successor and has since seen bursts of activity.

Magniber primarily targets individual users who download malicious software and execute it on their home or small business systems. Unlike larger ransomware operations, Magniber does not target large-scale businesses or organizations.

A surge in Magniber victims seeking help was seen in July 2024, with almost 720 submissions to ID-Ransomware since then. While the infection method is unclear, some victims reported running software cracks or key generators before being infected.

The ransomware encrypts files on the device and appends a random 5-9 character extension to encrypted file names. It also creates a ransom note named READ_ ME.htm with information about what happened to a person’s files and a unique URL to the threat actor’s Tor ransom site.

Ransom demands start at $1,000 and increase to $5,000 if a Bitcoin payment is not made within three days. Unfortunately, there is no way to decrypt files encrypted by the current versions of Magniber for free.

It is strongly advised to avoid software cracks and key generators as they are illegal and can spread malware and ransomware. For those impacted by the ransomware, you can use our dedicated support topic to receive help or answers to questions.
Source: https://www.bleepingcomputer.com/news/security/surge-in-magniber-ransomware-attacks-impact-home-users-worldwide/