Technology blog BleepingComputer.com warns users that a fake Windows 10 upgrade that has been circulating since April 8 could infect their computers with Magniber ransomware.
“Fake Windows 10 updates are being used to distribute Magniber ransomware in a massive campaign launched earlier this month,” the online blog reported. “Over the last few days, BleepingComputer has received a wave of requests for help regarding a ransomware infection targeting users worldwide.”
According to the blog, the fake updates are distributed under a number of names, including Win10.0_System_Upgrade_Software.msi and Security_Upgrade_Software_Win10.0, msi, which are the most common.
The malicious software then locks and encrypts the user’s files, forcing them to pay 0.068 in Bitcoin, or $ 2,609 to “free up” the computer files, according to the blog.
Magniber is considered “secure” and has no vulnerabilities that could be exploited other than paying the amount required to unlock the files.
The ransomware began to mainly affect South Korean computers and is “currently under active development”, targeting individual students and consumers rather than larger corporate users, according to the blog.
This means that the amount of “ransom” is usually more than the user can pay to unlock the files.
Earlier this year, the malicious software targeted users of the Microsoft Edge and Google Chrome web browsers and disguised itself as a legitimate update package, notebookcheck.net reported in January.
According to this report, the ransomware exploits a vulnerability in Windows that sees the files as legitimate updates and opens them for installation, targeting a “protected” folder for Microsoft apps.
“Therefore, it goes without saying that users should be careful when downloading files from various sources,” the article states. “Even signed .appx files can be potentially dangerous when retrieved from unverified sources. Make sure your critical data is always backed up and your security software definitions are up to date.”
According to the reports, users infected with ransomware can get a “key” to unlock the files after paying the required amount, and they are likely to direct infected users to a site with software that allows them to pay the ransom and get the key.
“The easiest way to protect yourself from Magniber is not to install manual updates to your browser unless you have specifically downloaded it from Google Chrome or the Microsoft Edge website,” said an article on the issue from makeuseof.com earlier this year. “It’s because these modern browsers automatically update themselves by default. This happens every time you close and open it.”