
Security researchers have discovered a new ransomware named Magniber, distributed by the Magnitude exploit kit and targeting South Korea. Security researcher Michael Gillespie first discovered the ransomware through his ID-Ransomware site when victims uploaded encrypted files and ransom notes to his website. Security researchers Kafeine, Joseph Chen, and malc0de discovered that it was distributed by the Magnitude exploit kit, which previously distributed Cerber ransomware. Using malvertisements on an attacker-owned website, the exploit kit tries to use a vulnerability in Internet Explorer to install Magniber ransomware.

Working of Magniber

The ransomware first checks the language of the infected system. If it is Korean, it generates a unique victim ID that will be used in the ransom notes; if it is not Korean, it terminates the process and deletes itself.

The ransomware then searches for files with certain extensions (given below) to encrypt, and the extension .ihsdj or .kgpvwnr is added to the end of each encrypted file's name. A ransom note named READ_ME_FOR_DECRYPT_[id].txt is created in each folder in which a file is encrypted. The ransom note contains information about what happened to your data and instructions for payment.

The payment instructions contain a link to a TOR payment site called My Decryptor, located at the TOR URL [victim_id].ofotqrmsrdc6c3rz.onion. There, victims can find details about the ransom amount, the bitcoin address to which payment must be made, and information on how to purchase bitcoins. For now, the ransom amount to be paid is 0.2 Bitcoin.

After payment is made to the listed bitcoin address, the details will be shown in the payment section of the decryptor page. The page will then provide a link to download the victim's unique decryptor. It also includes a support page where victims can communicate with the ransomware developer. The page also provides an option to decrypt one file for free, but it is not known whether this works.
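For incident triage, the file-system indicators described above (the .ihsdj and .kgpvwnr extensions and the READ_ME_FOR_DECRYPT_[id].txt notes) can be searched for on a suspect volume. The following Python sketch is an added example, not code from the researchers or from the malware; the function names, the sample tree, and the assumed character set of the `[id]` part are illustrative assumptions.

```python
import os
import re
import tempfile
from collections import defaultdict

# Indicators taken from the article text.
ENCRYPTED_EXTS = (".ihsdj", ".kgpvwnr")
# Assumption: the [id] part contains no dots or path separators.
NOTE_RE = re.compile(r"^READ_ME_FOR_DECRYPT_([^./\\]+)\.txt$", re.IGNORECASE)


def scan_tree(root):
    """Walk root and collect Magniber file-system indicators per folder."""
    folders = defaultdict(lambda: {"encrypted": [], "notes": []})
    note_ids = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            match = NOTE_RE.match(name)
            if match:
                note_ids.add(match.group(1))
                folders[dirpath]["notes"].append(name)
            elif name.lower().endswith(ENCRYPTED_EXTS):
                folders[dirpath]["encrypted"].append(name)
    return {"note_ids": note_ids, "folders": folders}


def affected_folders(report):
    """Folders holding both a ransom note and at least one encrypted file."""
    return sorted(d for d, hit in report["folders"].items()
                  if hit["encrypted"] and hit["notes"])


def build_sample_tree(root):
    """Constructed sample data: empty files named like the indicators."""
    layout = {
        "docs": ["report.docx.ihsdj", "READ_ME_FOR_DECRYPT_abc123.txt"],
        "pics": ["photo.jpg.kgpvwnr", "READ_ME_FOR_DECRYPT_abc123.txt"],
        "clean": ["notes.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(affected_folders(scan_tree(tmp)))
```

Requiring both a note and an encrypted file in the same folder reduces false positives from files that merely share one of the extensions.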

To protect yourself from Magniber ransomware, follow the instructions below:
  • Perform regular backups. Ideally, this data should be kept on a separate device, and backups should be stored offline.
  • Maintain updated antivirus software on all systems.
  • Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs, close out the e-mail and go to the organization’s website directly through the browser.
  • Keep the operating system and third-party applications (MS Office, Flash Player, browsers, browser plugins) up to date with the latest patches.