A ransomware campaign is targeting home users by posing as software updates, using fake Windows 10 and antivirus installers, cyber security researchers have revealed.
The HP Threat Research team revealed that a ransomware campaign named Magniber is demanding $2,500 from victims to unlock their data.
“Specifically, attackers used clever techniques to evade detection, such as running the ransomware in memory, bypassing User Account Control (UAC) in Windows, and using syscalls instead of standard Windows API libraries to evade detection techniques that monitor user-mode hooks,” the team explained.
Even though Magniber doesn’t fall into the ‘big game hunting’ category, it can still do a lot of damage.
“Home users were likely targets of this malware, depending on supported operating system versions and UAC bypass. The attackers used clever techniques to evade security and detection mechanisms,” the security researchers said.
Using the UAC bypass, the malware deletes the infected system's shadow copy files and disables backup and recovery features, preventing the victim from recovering their data with Windows tools.
The infection chain begins with a web download from an attacker-controlled website.
The user is asked to download a ZIP file which contains a JavaScript file that claims to be a critical antivirus or Windows 10 software update.
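The check below is an added example, not code from HP's report or from this article: it lists script files inside a downloaded ZIP and flags names that use the update or antivirus wording described above. The extension watch list, the keyword pattern and the sample file names are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from pathlib import PurePosixPath

# Assumed watch list: script types Windows Script Host runs on double-click.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}
# Lure wording from the article: fake antivirus or Windows 10 updates.
LURE_RE = re.compile(r"update|upgrade|antivirus|windows[\W_]*10", re.IGNORECASE)


def scan_zip(data: bytes) -> list[dict]:
    """Return one finding per script member of a ZIP supplied as raw bytes."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not a ZIP, or a truncated download: nothing to report
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Judge the file name only, so nested folders cannot hide a script.
            name = PurePosixPath(info.filename).name
            ext = PurePosixPath(name).suffix.lower()
            if ext not in SCRIPT_EXTS:
                continue
            lure = bool(LURE_RE.search(name))
            findings.append({
                "member": info.filename,
                "extension": ext,
                "lure_name": lure,
                # A script named like an update is the pattern described above.
                "severity": "high" if lure else "review",
            })
    return findings


def build_sample_zip(names: list[str]) -> bytes:
    """Constructed test input: members contain placeholder text only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member in names:
            zf.writestr(member, "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(["Windows10_Critical_Update.JS", "docs/readme.txt"])
    for finding in scan_zip(sample):
        print(finding)
```

A genuine Windows or antivirus update is not delivered as a script file inside a ZIP, so any "high" finding is a reason to delete the archive rather than open it.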
Home users can protect themselves against such ransomware campaigns by following this simple advice:
The HP security team said home users should only download software updates from trusted sources, because the campaign relies on tricking people into opening fake software updates. “Back up your data regularly. Backing up your data will give you peace of mind in a worst-case scenario,” the team suggested.