Hackers are distributing fake Windows 10 updates to infect users with the Magniber ransomware.
According to the technology news site BleepingComputer, multiple users have reported infections after they installed what is believed to be a Windows 10 cumulative or security update. The updates are distributed under various names, for example, Win10.0_System_Upgrade_Software.msi or Security_Upgrade_Software_Win10.0.msi.
The massive campaign, which began on April 8, 2022, uses fake warez and crack websites to distribute the malware. BleepingComputer notes that this campaign mainly targets students and consumers rather than businesses.
Once installed on a victim’s device, the ransomware deletes shadow volume copies and encrypts files, appending the .gtearevf extension. It also creates ransom notes with instructions on how to pay a ransom (approx. 0.068 bitcoins).
The Magniber ransomware is considered secure, meaning that it does not contain any weaknesses that can be exploited to recover files for free.