
Magniber Ransomware

Posted: October 23, 2017

The Magniber Ransomware is an up-and-coming file-encryption Trojan, which has already managed to hold the files of several victims hostage. The threat appears to be rather prominent since it uses custom-generated payment pages for its victims, and malware researchers have been unable to identify any flaws in the encryption method it uses. Some malware researchers speculate that Magniber might be the successor of the Cerber Ransomware – a file-encryption Trojan that has been one of the most fearsome threats in the past year. The revamped Magniber comes with an all-new payment portal, as well as the ability to be distributed via the Magnitude Exploit Kit. One of the recent variants of Magniber seems to target only users in South Korea, since it is programmed to delete itself automatically if it is unable to determine whether the infected machine is from South Korea or not.

While the undecryptable state of the Magniber Ransomware is certainly an issue, we assure you that the key to the recovery of your files is not paying the ransom sum that the Magniber Ransomware's authors demand. According to their message, all victims must purchase a piece of software called 'Magniber,' which can be obtained in exchange for 0.2 Bitcoins. However, they also provide a warning, which states that if the money is not paid within five days of the infection, the amount that victims owe will be increased to 0.4 Bitcoins.

The ransom note that the Magniber Ransomware generates tells victims to visit a personalized '.onion' link where they can find instructions on how to pay the ransom sum. The authors have added instructions on how to use the Tor browser, but they have also added links to online services that allow users to browse '.onion' websites without using the Tor browser.

The threat uses a very peculiar naming system for the files it encrypts and for the ransom note it leaves on the victim's computer. All victims get a randomized 7-character extension added to the names of encrypted files, but it seems that, due to a bug, most of the current victims end up seeing the '.kgpvwnr' extension. The ransom message is situated in '_HOW_TO_DECRYPT_MY_FILES__.txt' or 'READ_ME_FOR_DECRYPT__.txt'.
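The file-naming indicators above can be used to triage a disk or file share for affected folders. The following Python sketch is an added example, not code from the original article or from any security vendor; it assumes the random extension is lowercase alphanumeric and that the original extension stays in place before it, and the sample tree it builds is constructed for illustration.

```python
import os
import re
import tempfile

# Indicators quoted in the article above.
NOTE_NAMES = {"_how_to_decrypt_my_files__.txt", "read_me_for_decrypt__.txt"}
KNOWN_EXT = ".kgpvwnr"
# Assumption: the random 7-character extension is lowercase alphanumeric.
SEVEN_CHAR = re.compile(r"^\.[a-z0-9]{7}$")


def scan(root, min_cluster=3):
    """Walk root; return ransom-note paths and suspected encrypted files by extension."""
    notes, by_ext = [], {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() in NOTE_NAMES:
                notes.append(path)
                continue
            stem, ext = os.path.splitext(name.lower())
            # The extension is appended, so the original one is still in the
            # stem (report.docx.kgpvwnr); this skips names like movie.torrent.
            if SEVEN_CHAR.match(ext) and os.path.splitext(stem)[1]:
                by_ext.setdefault(ext, []).append(path)
    # Always report the extension named in the article; report any other
    # 7-character extension only when several files share it.
    suspects = {e: sorted(p) for e, p in by_ext.items()
                if e == KNOWN_EXT or len(p) >= min_cluster}
    return {"notes": sorted(notes), "suspects": suspects}


def build_sample(root):
    """Constructed sample tree: file names only, no real malware artifacts."""
    names = ["docs/report.docx.kgpvwnr", "docs/READ_ME_FOR_DECRYPT__.txt",
             "pics/a.jpg.qzxwvut", "pics/b.png.qzxwvut", "pics/c.gif.qzxwvut",
             "pics/movie.torrent", "misc/notes.txt.abcdefg", "misc/todo.txt"]
    for rel in names:
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        result = scan(tmp)
        for note in result["notes"]:
            print("ransom note:", note)
        for ext, paths in result["suspects"].items():
            print(ext, len(paths), "file(s)")
```

A hit on the extension alone is a lead rather than proof; a folder that holds both a ransom note and a cluster of files sharing one appended extension is the stronger signal.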

Unfortunately, the lack of a free decryptor means that victims of this threat would never be able to get their files back. However, they should certainly not agree to meet the demands of the attackers. The authors of the Magniber Ransomware may not be in possession of a decryption utility, and sending them any money is not a foolproof way to get your data back. The best way to counteract threats like this one is to eliminate their malevolent files by using a reputable PC security scanner. Once the threat has been stopped, victims should recover the lost files from a backup. However, if a backup is not available, then it might be necessary to use third-party file restoration software, whose success is not guaranteed.
