The Magniber ransomware virus is not a new cyber threat: the crypto-virus debuted in October of 2017 and remained a mystery for security researchers until 2018. Right from the beginning, researchers determined that the ransomware was being distributed by the Magnitude exploit kit, which is related to the Cerber crypto-virus, and that it might even have been created by the same group of hackers or individuals (Magniber).
Magniber crypto-virus was related to Cerber infection
According to specialists, Magniber ransomware was spread via malicious, malware-laden advertisements, so-called malvertisements. The completed analysis revealed that the crypto-virus targeted people from South Korea (New). Initial investigation showed that the ransomware might be decryptable, but the process of creating a free file decryptor took longer than expected.
Currently, in April of 2018, a South Korean cyber security firm has launched two decryptors. Therefore, the victims of Magniber can decrypt their data. Since this South Korean firm does not offer translations, users will have to use translation tools in order to recover their data. Nevertheless, this is great news. From the beginning of this ransomware, AhnLab researchers insisted that an encryption bug would help them create free decryption software. Luckily, they were right.
However, the fact that the Magniber virus is now decryptable does not save you from other crypto-infections. Malvertisements might be used to spread other encryptors. If an exploit kit is used against your computer, it is important that the operating system does not have any vulnerabilities for it to use. Therefore, regularly update your software and make sure that no outdated programs compromise your cyber security.
The Magniber virus urges people to visit a unique TOR website containing payment information. Every victim of the ransomware would usually receive an original ID number. Surprisingly, when first run, the Magniber crypto-malware checks the language used when Windows was installed. If the victim used the Korean language, the virus continues with the file-encryption process. However, if the virus detects a language other than Korean, Magniber removes itself from the operating system (Magnitude). The encrypted files would feature random extensions. Take a look at the list of extensions that are currently decryptable:
How to recover files after Magniber virus?
The official decryptors for the victims of Magniber ransomware can be found on the official website of AhnLab. You can find the decryptors here and here. Overall, please remember that you have to store important files in backup storage. If you don’t, you will have no way of recovering data damaged by ransomware viruses. Of course, researchers are occasionally capable of generating free decryptors, but this is not always the case.
The initial Magniber ransom was 0.200 BTC, which was approximately $1038. However, if victims did not pay the ransom in 5 days, the fee would become 0.400 BTC, which meant that users would have to pay $2076. We hope that none of the victims of this ransomware were intimidated enough to pay the demanded ransoms.
Magniber ransomware used Magnitude exploit kit for distribution
As we have mentioned, hackers used deceptive advertisements to trick users into becoming infected with Magniber ransomware. The main target of the creators of this infection was South Korea. The hackers hoped that many people would still keep their operating systems full of vulnerabilities. If users do not update their software, malware can be expected to find ways of getting inside. For the removal of a ransomware infection, you must complete a system restore. We have explained this process in this article and we hope that you will find it helpful. However, if you do not want to do this process manually, we also encourage you to run a scan with Spyhunter. Both of these anti-malware tools will find a way to clean your device of malicious programs and files.
The manual removal includes these steps:
- Reboot your computer in Safe Mode (enable Safe Mode with Command Prompt).
- Once Command Prompt launches, type in cd restore and press Enter.
- Enter rstrui.exe and press Enter again.
- Click “Next” in the window that appears.
- Select one of the Restore Points dated before Magniber ransomware infected your device.
- Click “Yes” to start a system restore.