‘Ransomware’ detected spreading through fake Windows 10 updates

A group of fraudsters is using bogus Windows 10 operating system updates to spread a strain of ‘ransomware’.

Magniber ransomware, as found by BleepingComputer, has infiltrated systems via rogue web domains that offer Windows download links.

Several users have reported issues with updates distributed under the names ‘Win10.0 System Upgrade Software.msi’ and ‘Security Upgrade Software Win10.0.msi’.

Other download files given as putative Windows 10 updates on these web domains include ‘System.Upgrade.Win10.0-KB47287134.msi’, ‘Win10.0-KB47287134.msi’, ‘System.Upgrade.Win10.0-KB82260712.msi’, ‘Win10.0-KB82260712.msi’, ‘System.Upgrade.Win10.0-KB18062410.msi’, ‘Win10.0-KB18062410.msi’ and ‘Win10.0-KB66846525.msi’.

According to VirusTotal, a free antivirus that scans files and web pages, the ‘ransomware’ campaign began on April 8 and has spread widely throughout the world.

Once downloaded, this ‘malware’ can encrypt important system files and append a random 8-character extension ending in ‘g.gtearevf’ to them.

It also creates an HTML file named ‘README.html’ that contains instructions on how to pay a ransom for the stolen files by visiting Magniber’s payment site, My Decryptor.
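The two traces described above (the fake installer names and a ‘README.html’ note sitting next to files that share one appended 8-character extension) can be checked against a file listing. The following is an added example, not code from BleepingComputer or the article; the 8-digit KB pattern, the lowercase-letter extension, the three-file threshold and the sample paths are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Installer names reported in the article. Accepting any 8-digit KB number
# generalises the listed samples and is an assumption.
FAKE_UPDATE = re.compile(
    r"^(?:(?:System\.Upgrade\.)?Win10\.0-KB\d{8}"
    r"|Win10\.0 System Upgrade Software"
    r"|Security Upgrade Software Win10\.0)\.msi$",
    re.IGNORECASE,
)
RANDOM_EXT = re.compile(r"^\.[a-z]{8}$")  # assumption: 8 lowercase letters
NOTE_NAME = "readme.html"                 # ransom note name from the article
MIN_FILES = 3                             # assumed threshold, tune per estate


def triage(paths):
    """Return (fake_installers, {folder: appended_extension})."""
    fake, note_folders, exts = [], set(), defaultdict(Counter)
    for raw in paths:
        p = PureWindowsPath(raw)
        folder = str(p.parent).lower()
        if FAKE_UPDATE.match(p.name):
            fake.append(raw)
        if p.name.lower() == NOTE_NAME:
            note_folders.add(folder)
        # An appended extension keeps the original one: thesis.docx.xxxxxxxx
        if len(p.suffixes) >= 2 and RANDOM_EXT.match(p.suffix):
            exts[folder][p.suffix] += 1
    hits = {}
    for folder, counter in exts.items():
        ext, count = counter.most_common(1)[0]
        # Require the note AND several files sharing one extension.
        if folder in note_folders and count >= MIN_FILES:
            hits[folder] = ext
    return fake, hits


# Constructed sample listing (not real telemetry).
SAMPLE = [
    r"C:\Users\ana\Downloads\Win10.0-KB47287134.msi",
    r"C:\Users\ana\Documents\README.html",
    r"C:\Users\ana\Documents\thesis.docx.qwmzxkrt",
    r"C:\Users\ana\Documents\budget.xlsx.qwmzxkrt",
    r"C:\Users\ana\Documents\photo.jpg.qwmzxkrt",
    r"C:\Users\ana\Projects\README.html",
    r"C:\Users\ana\Projects\main.py",
]
```

Calling `triage(SAMPLE)` flags the installer in Downloads and the Documents folder, while the Projects folder, which only has an ordinary README.html, is left alone.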

According to BleepingComputer, the majority of ransom requests have been around $2,500 (around 2,375 euros) or 0.068 bitcoins.

This ‘ransomware’ campaign is currently aimed mostly at students and consumers who use Microsoft's operating system, rather than at businesses, where this form of fraud is more common.

By Editor
