Researchers with Bleeping Computer are warning people about a large-scale ransomware campaign happening in real time.
Ransomware hackers typically focus on targeting organizations due to the larger sums of money they could potentially get away with. However, the Magniber ransomware strain does the opposite. It targets home users and encrypts their personal files right under their noses while making a ransom demand to get the files back.
The scary part about the campaign is that the researchers were unable to discover exactly how the malware has been spreading. They found hackers encrypting files when the user uses popular software cracking tools and key generators, but no method of infection.
They also discovered that it works by encrypting users’ files with a 5-letter extension, such as .oaxysw or .oymtk. Ransomware identification website ID-Ransomware reported more than 700 incidents of Maliber attacks since July 20th.
After attempting to open the encrypted file, the users will instead find a note with the tagline “Your important files have been ENCRYPTED due to the suspicion of ILLEGAL downloads.”
“Your files are not damaged! Your files are modified only,” the letter reads. “This modification is reversible. Any attempts to restore your files with the third-party software will be fatal to your files! To receive the private key and decryption program follow the instructions below:”
Payment demands begin at $1000 but go up to $5000 if the victim hasn’t paid within a few days of opening the file. Hackers demand payments in Bitcoin to preserve their anonymity.
As of now, there are no free decryption tools that work with this version of Magniber. The free AhnLab decryption tool for Magniber no longer works with the newest malware strain.
Since the infection method is unknown, security experts are recommending that you avoid all illegal software cracking tools, unknown email attachments, and suspicious websites.