Fake Windows Updates could seize your files and demand $5K to restore access — how to avoid it

[Image: Microsoft. Image credit: Microsoft]

Yikes! Vicious ransomware is masquerading as Windows Update packages to lure unsuspecting victims into malware hell, and then suddenly, their valued files are rendered inaccessible. If they want them back, they have to fork over Bitcoin.

Magniber ransomware is the name of this malicious software — and it's spreading. BleepingComputer reports that it saw a surge in help requests about an unfamiliar ransomware infection, and after some research, the outlet traced the infections to their source.

How Magniber ransomware works

BleepingComputer's investigation found that a swarm of victims unwittingly installed Magniber ransomware disguised as Windows 10 security or cumulative updates. Here are some of the common file names used by the fake updates:

  • Win10.0_System_Upgrade_Software.msi
  • Security_Upgrade_Software_Win10.0.msi

The malware campaign, according to VirusTotal, likely launched on April 28. BleepingComputer suspects the infected files came from "fake warez and crack sites," platforms that illegally distribute pirated content.

How does Magniber ransomware work? Once you run the installer, believing it to be a Windows update, it encrypts your files, rendering them inaccessible. A file entitled ReadMe.html carries a message that says, "Your files are not damaged! Your files are modified only. The modification is reversible. The only way to decrypt your files is to receive the private key and decryption program. Any attempts to restore your files with the third-party software will be fatal for your files!"

The ransom note then guides the victim to visit a URL that's only accessible via the Tor Browser. The website says that if the victim can procure about $2,600 in BTC in under five days, they can regain access to their files. If not, the price jumps to more than $5,000.

How to avoid Magniber ransomware

As BleepingComputer pointed out, because Magniber ransomware is on fake warez and cracked sites, this malware often targets students and consumers who don't have the wherewithal to pay the pricey ransom.

Unfortunately, there's no way around Magniber's clutches. Once you've been infected with this wretched ransomware, there is no known way to get your files back without the attackers' key. "It does not contain any weaknesses that can be exploited to recover files for free," BleepingComputer said.

That being said, when it comes to Magniber ransomware, PC users must take a preventative approach to avoid its fatal tendrils. Michael Crider from PCWorld said it best (in all caps): "DON’T DOWNLOAD WINDOWS UPDATES FROM ANY SOURCE EXCEPT MICROSOFT."
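One practical way to act on that advice before double-clicking a downloaded package: check whether the file carries a valid Authenticode signature issued to Microsoft. Genuine Microsoft update packages are code-signed; a package with no signature, a broken signature, or a signer that isn't Microsoft is not something Microsoft shipped, whatever its file name says. The script below is an added example written for this article, not code from Microsoft, BleepingComputer or PCWorld; the Downloads folder path is an assumed, illustrative location, and the function name `Test-MicrosoftSignedPackage` is made up for the example.

```powershell
# Added example (not from the article): report whether an installer package carries a
# valid Authenticode signature from Microsoft before anyone runs it.
# Assumption: the caller supplies the package path; the Downloads path below is illustrative.
function Test-MicrosoftSignedPackage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "File not found: $Path"
        return $false
    }

    # Get-AuthenticodeSignature reads the embedded signature and validates the chain.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Status values other than 'Valid' (NotSigned, HashMismatch, NotTrusted, ...) all mean
    # the package is not a trustworthy update, regardless of how it is named.
    if ($sig.Status -ne 'Valid') {
        Write-Warning ("{0}: signature status is '{1}' ({2})" -f $Path, $sig.Status, $sig.StatusMessage)
        return $false
    }

    # A valid signature from someone other than Microsoft is still not a Microsoft update.
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notmatch 'CN=Microsoft Corporation') {
        Write-Warning ("{0}: signed, but not by Microsoft: {1}" -f $Path, $subject)
        return $false
    }

    Write-Host ("{0}: valid Microsoft signature ({1})" -f $Path, $subject)
    return $true
}

# Usage: check every .msi sitting in the Downloads folder (illustrative path) and list the results.
Get-ChildItem -LiteralPath "$env:USERPROFILE\Downloads" -Filter *.msi -ErrorAction SilentlyContinue |
    ForEach-Object {
        [PSCustomObject]@{
            File            = $_.Name
            MicrosoftSigned = Test-MicrosoftSignedPackage -Path $_.FullName
        }
    }
```

The check is deliberately strict: anything that is not both validly signed and signed by Microsoft is reported as untrusted, because a file named like `Security_Upgrade_Software_Win10.0.msi` tells you nothing about who built it. It is a screening step, not a substitute for the article's main point: real Windows updates arrive through Windows Update itself, not as packages downloaded from third-party sites.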

Kimberly Gedeon

Kimberly Gedeon, holding a Master's degree in International Journalism, launched her career as a journalist for MadameNoire's business beat in 2013. She loved translating stuffy stories about the economy, personal finance and investing into digestible, easy-to-understand, entertaining stories for young women of color. During her time on the business beat, she discovered her passion for tech as she dove into articles about tech entrepreneurship, the Consumer Electronics Show (CES) and the latest tablets. After eight years of freelancing, dabbling in a myriad of beats, she's finally found a home at Laptop Mag that accepts her as the crypto-addicted, virtual reality-loving, investing-focused, tech-fascinated nerd she is. Woot!