In recent years, major ransomware attacks against companies and organizations have been in the news, but end users are also still a target, according to HP Wolf Security. The security company describes an attack campaign in which end users are infected with the Magniber ransomware via fake updates.
The so-called software update is offered from rogue websites. It is a zip file containing a JavaScript file. When users open this file, it tries to bypass User Account Control (UAC) in Windows. Then the malware deletes the Shadow Copies and disables the recovery options so that users cannot get their files back once they have been encrypted.
Finally, the ransomware will encrypt files on the system and display a ransom message to the user. To decrypt files, Magniber ransomware charges between $2,500 and $5,000. HP does not disclose how users end up on the malicious websites. However, the company advises the end user to only download updates via the official website of the supplier.
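The delivery format described above, a zip archive containing a JavaScript file, can be checked for at a download gateway or on a quarantine share. The following is an added example, not code from HP Wolf Security or from the campaign; the extension list, size cap, nesting depth and sample file names are assumptions chosen for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: extensions Windows hands to a script host on double-click.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
MAX_DEPTH = 2                   # nested-archive levels to follow
MAX_NESTED_BYTES = 20 * 2**20   # skip oversized inner archives (zip-bomb guard)


def find_script_members(data: bytes, depth: int = 0, prefix: str = "") -> list:
    """Return the paths of script files inside a zip, following nested zips."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Windows ignores trailing dots and spaces, so "x.js." opens as .js
            ext = PurePosixPath(info.filename.lower().rstrip(". ")).suffix
            path = prefix + info.filename
            if ext in SCRIPT_EXTS:
                hits.append(path)
            elif (ext == ".zip" and depth < MAX_DEPTH
                  and info.file_size <= MAX_NESTED_BYTES):
                try:
                    inner = zf.read(info)
                except RuntimeError:    # encrypted member, cannot inspect
                    continue
                if zipfile.is_zipfile(io.BytesIO(inner)):
                    hits += find_script_members(inner, depth + 1, path + "!")
    return hits


def build_sample() -> bytes:
    """Constructed sample archive with harmless placeholder contents."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("update_installer.js", "// placeholder")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("readme.txt", "constructed sample")
        zf.writestr("docs/notes.js.txt", "not a script")
        zf.writestr("setup.JS.", "// placeholder")
        zf.writestr("payload.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for member in find_script_members(build_sample()):
        print("script inside archive:", member)
```

A hit is a reason to quarantine the download for review, since a vendor update is not normally shipped as a script inside a zip.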
Earlier this week, security company Sucuri reported that in the third quarter of this year, tens of thousands of legitimate websites had been taken over by attackers and equipped with rogue JavaScript. This code makes visitors to the legitimate websites believe that they need to install an offered update, when in reality this is malware that allows the attackers to take full control of the system.
