Ransomware campaign targeting users via fake Windows 10, antivirus update
New Delhi, October 15 (SocialNews.XYZ) A ransomware campaign is targeting home users by posing as software updates through fake Windows 10 and antivirus installations, cybersecurity researchers have revealed.
The ransomware campaign, called Magniber, then demands $2,500 from victims to unlock their data, the HP Threat Research team reveals.
“Notably, the attackers used clever techniques to evade detection, such as running the ransomware in memory, bypassing User Account Control (UAC) in Windows, and bypassing detection techniques that monitor user-mode hooks by using system calls instead of standard Windows API libraries,” the team explained.
Even though Magniber doesn’t fall into the “big game hunting” category, it can still cause significant damage.
“Home users were the likely target of this malware based on supported operating system versions and UAC bypass. Attackers used clever techniques to evade protection and detection mechanisms,” noted security researchers.
With UAC bypass, the malware deletes shadow copy files from the infected system and disables backup and recovery features, preventing the victim from recovering their data using Windows tools.
The infection chain begins with a web download from an attacker-controlled website.
Home users can protect themselves from ransomware campaigns like this by following these simple tips:
The HP security team said home users should only download software updates from trusted sources, as the campaign depends on tricking people into opening fake software updates.
“Back up your data regularly. Backing up your data will give you peace of mind should the worst happen,” they suggested.