A widespread Magniber ransomware campaign is currently targeting home users globally, encrypting their devices and demanding ransoms amounting to thousands of dollars for decryption.
Launched in 2017 as the successor to the Cerber ransomware operation, Magniber was initially distributed through the Magnitude exploit kit. Since then, the operation has experienced intermittent bursts of activity, utilizing various distribution methods to infect devices.
These methods include exploiting Windows zero-day vulnerabilities, fake Windows and browser updates, and trojanized software cracks and key generators. Unlike larger ransomware campaigns, Magniber predominantly targets individual users who unknowingly download and execute malicious software on their personal or small business systems.
In 2018, AhnLab developed a decryptor for Magniber ransomware, but it is no longer effective as the threat actors have since fixed the vulnerability that allowed for free file decryption.
Since July 20, BleepingComputer has observed a significant increase in victims seeking assistance on its forums due to Magniber ransomware infections.
The ransomware identification site ID-Ransomware has also reported nearly 720 submissions since July 20, 2024. Although the exact infection method is unclear, some victims have reported that their devices were encrypted after using software cracks or key generators, a known tactic of the Magniber actors.
Upon execution, the ransomware encrypts files on the device, appending a random 5-9 character extension, such as .oaxysw or .oymtk, to the filenames. It also generates a ransom note named READ_ME.htm, which provides information about the encryption and includes a unique URL to the threat actor's Tor ransom site. Given that Magniber primarily targets consumers, ransom demands start at $1,000 and escalate to $5,000 if payment in Bitcoin is not made within three days. Currently, there is no free method to decrypt files encrypted by the latest versions of Magniber.
It is strongly recommended to avoid using software cracks and key generators, as these are illegal and commonly used to spread malware and ransomware. For those affected by Magniber ransomware, you can seek assistance or find answers to your questions in our dedicated Magniber support topic.