HP Wolf Security Reveals New Ransomware Campaign for Consumers


Users can reduce their risk from the new ransomware by making sure updates are only installed from trusted sources, checking URLs to ensure official vendor websites are used, and backing up data regularly to minimize the impact of a potential data breach.

Gwamcee News

The HP Wolf Security Threat Research Team has just released a detailed analysis of a highly evasive ransomware campaign targeting individual consumers instead of targeting enterprises via ‘Big Game.

In a statement, Patrick Schläpfer, Malware Analyst at HP Wolf Security, said the campaign hides Magniber ransomware in fake anti-virus or Windows software updates to trick users into downloading it, before encrypting files and demanding around $2,500 in bitcoin in exchange for restored access.

This campaign is much harder to detect than those typically seen targeting personal machines, as it uses malicious code which runs only in computer memory rather than dropping the payload on disk, allowing it to bypass detection by antivirus software. Magniber is delivered in a malicious JavaScript file, which uses local privilege escalation to allow hackers to take full control of systems without the user’s authority, ultimately encrypting files and redirecting users to a webpage demanding ransom.

The good news is there is a simple solution for consumers to protect themselves. For Magniber to access and block files, it needs to be executed on a Windows account with administrator privileges, a level of access that is much more commonplace in personal systems.

“Consumers can protect themselves by following ‘least-privilege’ principles – only logging on with their administrator account when strictly needed, and creating another account for everyday use,” explains Patrick Schläpfer, Malware Analyst at HP Wolf Security.

He added, “Users can also reduce risk by making sure updates are only installed from trusted sources, checking URLs to ensure official vendor websites are used, and backing up data regularly to minimize the impact of a potential data breach.”
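
The least-privilege advice above can be checked on a Windows PC. The PowerShell below is an added example, not from HP Wolf Security or the original article; it assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets, and it lists who holds local administrator rights and whether the account in daily use is one of them.

```powershell
# Added example: audit local administrator rights on a personal Windows machine.
# Assumes the Microsoft.PowerShell.LocalAccounts module (ships with Windows PowerShell 5.1+).
# Only direct members of the group are listed; rights gained through nested
# domain groups are not resolved here.

$adminGroupSid = 'S-1-5-32-544'   # well-known SID of the built-in Administrators group

# Identity of the account running this script
$me = [Security.Principal.WindowsIdentity]::GetCurrent()

# Is this particular process running with an elevated (administrator) token?
$principal = New-Object Security.Principal.WindowsPrincipal($me)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Direct members of the local Administrators group, looked up by SID so the
# check also works on non-English Windows installs where the group is renamed
$members = @(Get-LocalGroupMember -SID $adminGroupSid)

$report = foreach ($m in $members) {
    [pscustomobject]@{
        Name          = $m.Name
        Type          = $m.ObjectClass
        Source        = $m.PrincipalSource
        IsCurrentUser = ($m.SID.Value -eq $me.User.Value)
    }
}
$report | Format-Table -AutoSize

if ($report.IsCurrentUser -contains $true) {
    Write-Warning "$($me.Name) is a local administrator. Use a separate standard account for everyday work."
} else {
    Write-Output "$($me.Name) is not a direct member of the local Administrators group."
}

if ($elevated) {
    Write-Warning "This session is elevated. Anything started from it inherits administrator rights."
}
```

A standard account for daily use can be created under Settings > Accounts, leaving the administrator account for installs and system changes only.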
