Warning: Ransomware is spreading through fake malicious Windows updates
International security researchers have just made an urgent announcement about a campaign to spread ransomware through fake Windows 10 updates.
Named Magniber, this ransomware strain has been around on the internet for a while and is considered among the more dangerous because of its varied infection methods. Back in 2021, Magniber was used by a group of malicious actors in the infamous PrintNightmare exploit campaign. As recently as January 2022, this ransomware strain was also recorded spreading rapidly through Microsoft Edge and Chrome.
According to the latest report from, this new Magniber infection campaign does not seem to be limited to a specific region or territory. Infections have been recorded in many countries around the world. The common feature is that the malicious code is packaged as Windows 10 updates designed to look like the real thing, and some of them even carry a fake knowledge base (KB) ID to strengthen the disguise. Reported instances of fake updates include:
- Win10.0_System_Upgrade_Software.msi
- Security_Upgrade_Software_Win10.0.msi
- System.Upgrade.Win10.0-KB47287134.msi
- System.Upgrade.Win10.0-KB82260712.msi
- System.Upgrade.Win10.0-KB18062410.msi
- System.Upgrade.Win10.0-KB66846525.msi
These malicious updates are being spread widely via pirated-software and fake websites, such as the one in the screenshot below.
Once the malicious files are successfully installed on the victim's system, they go on to delete backups of the encrypted drives and generate a "README" HTML file containing a ransom note for the victim (shown in the image below):
On the ransom payment website, the malicious actor will ask the victim to pay around 2,600 USD or 0.068 bitcoin (BTC) to get back the encrypted data. The ransom will double if the victim does not pay after 5 days.
To protect yourself from Magniber and similar infection campaigns, it's best to stay away from unofficial sources of Windows update downloads. Instead, download new updates from Windows Update itself. Alternatively, you can also search for standalone updates on the Microsoft Update Catalog website.
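The reported file names can be turned into a quick triage check for a downloads folder. This is an added example, not code from the original report. The two heuristics beyond the exact names are assumptions: that an update-themed `.msi` is suspicious, and that a KB ID longer than seven digits is implausible.

```python
import re
from pathlib import PureWindowsPath

# File names reported in the article for this campaign (compared case-insensitively).
REPORTED_NAMES = {n.lower() for n in (
    "Win10.0_System_Upgrade_Software.msi",
    "Security_Upgrade_Software_Win10.0.msi",
    "System.Upgrade.Win10.0-KB47287134.msi",
    "System.Upgrade.Win10.0-KB82260712.msi",
    "System.Upgrade.Win10.0-KB18062410.msi",
    "System.Upgrade.Win10.0-KB66846525.msi",
)}

# Assumption: wording an installer uses to pose as a Windows 10/11 update.
UPDATE_LURE = re.compile(
    r"(upgrade|update).*win(dows)?[ ._-]?1[01]|win(dows)?[ ._-]?1[01].*(upgrade|update)",
    re.I,
)
KB_ID = re.compile(r"KB(\d+)", re.I)
# Assumption: published KB IDs have at most seven digits; the reported fakes have eight.
MAX_KB_DIGITS = 7


def triage(path):
    """Return the reasons a downloaded file looks like a fake Windows update."""
    name = PureWindowsPath(path).name
    reasons = []
    if name.lower() in REPORTED_NAMES:
        reasons.append("reported-name")
    # Assumption: Windows 10 OS updates ship as .msu/.cab, so an update-themed .msi is suspect.
    if name.lower().endswith(".msi") and UPDATE_LURE.search(name):
        reasons.append("update-themed-msi")
    kb = KB_ID.search(name)
    if kb and len(kb.group(1)) > MAX_KB_DIGITS:
        reasons.append("implausible-kb-id")
    return reasons


def scan(paths):
    """Map each flagged path to its reasons; clean files are omitted."""
    return {p: r for p in paths if (r := triage(p))}


if __name__ == "__main__":
    # Constructed sample paths: one reported name, one renamed variant, two benign files.
    sample = [
        r"C:\Users\test\Downloads\System.Upgrade.Win10.0-KB47287134.msi",
        r"C:\Users\test\Downloads\System.Upgrade.Win10.0-KB12345678.msi",
        r"C:\Users\test\Downloads\windows10.0-kb1234567-x64.msu",
        r"C:\Users\test\Downloads\vlc-setup.msi",
    ]
    for path, reasons in scan(sample).items():
        print(path, "->", ", ".join(reasons))
```

A hit is only a reason to inspect the file further, not a verdict, since attackers can rename files at will.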