Threat actors have leveraged fake Windows 10 updates to launch a massive Magniber ransomware campaign that began this month, reports BleepingComputer.
Users around the world have reported being impacted by the Magniber ransomware through phony Windows 10 updates, with Security_Upgrade_Software_Win10.0.msi and Security_Upgrade_Software_Win10.0.msi being the most prevalent.
Submissions to VirusTotal indicate that the campaign had begun on April 8, with the fake updates likely distributed through crack sites and fake warez. Shadow volume copies are initially deleted by the Magniber ransomware before proceeding to file encryption, which will then lead to the inclusion of a random 8-character extension.
Ransom notes have also been created by Magniber, which has mostly demanded payments of around $2,500 or 0.068 bitcoins. Magniber's My Decryptor payment site has also been found to allow free decryption of a single file.
Moreover, consumers and students have been the key targets of the campaign, rather than enterprises, BleepingComputer found.