
Magniber Ransomware (.<Random Extension of 7~9 Lowercase English Letters> / README.html / .cpl Version)

  • Distribution Method : A .cpl file is downloaded automatically when connecting to the site.
  • MD5 : e6bed12ea53d21b0372ad17e9f9bfe89
  • Encrypted File Pattern : .<Random Extension of 7~9 Lowercase English Letters>
  • Malicious File Creation Location : C:\Users\Public\<Random>.apx
  • Payment Instruction File : README.html
  • Major Characteristics :
     - Offline Encryption
     - Encrypts files through code injection into various running processes (Explorer.exe / RuntimeBroker.exe / svchost.exe, etc.)
     - Disables system restore (bcdedit /set {default} bootstatuspolicy ignoreallfailures, bcdedit /set {default} recoveryenabled no, wbadmin delete catalog -quiet, wbadmin delete systemstatebackup -quiet)
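
The indicators listed above can be turned into a simple triage check over endpoint telemetry. The following is an added example, not AppCheck code: the event dictionaries, function names, sample data and the `min_files` threshold are assumptions made for illustration, as is the idea of clustering files that share one extension in a folder to avoid flagging ordinary 7~9 letter extensions.

```python
import ntpath
import re
from collections import Counter, defaultdict

_EXE = r'(\.exe)?"?\s+'  # optional ".exe", optional closing quote, then whitespace
# The four recovery-inhibition commands listed on this page, whitespace-tolerant.
RECOVERY_RE = {name: re.compile(pat, re.I) for name, pat in {
    "bcdedit_bootstatuspolicy": r"\bbcdedit" + _EXE + r"/set\s+\{default\}\s+bootstatuspolicy\s+ignoreallfailures\b",
    "bcdedit_recoveryenabled": r"\bbcdedit" + _EXE + r"/set\s+\{default\}\s+recoveryenabled\s+no\b",
    "wbadmin_delete_catalog": r"\bwbadmin" + _EXE + r"delete\s+catalog\b",
    "wbadmin_delete_systemstatebackup": r"\bwbadmin" + _EXE + r"delete\s+systemstatebackup\b",
}.items()}
# Drop location from this page: C:\Users\Public\<Random>.apx (directly in Public).
APX_DROP_RE = re.compile(r"^c:\\users\\public\\[^\\]+\.apx$", re.I)
# Encrypted-file pattern from this page: 7 to 9 lowercase letters (case-sensitive).
ENC_EXT_RE = re.compile(r"\.([a-z]{7,9})$")

def classify(event):
    """Return indicator names matched by one process or file_create event."""
    if event["type"] == "process":
        return [n for n, rx in RECOVERY_RE.items() if rx.search(event["cmdline"])]
    if event["type"] == "file_create" and APX_DROP_RE.match(event["path"]):
        return ["apx_drop_in_public"]
    return []

def encrypted_dirs(paths, min_files=3):
    """Folders with README.html plus min_files files sharing one 7~9 letter extension."""
    exts, notes = defaultdict(Counter), set()
    for p in paths:
        folder, name = ntpath.split(p)
        if name.lower() == "readme.html":
            notes.add(folder.lower())
        m = ENC_EXT_RE.search(name)
        if m:
            exts[folder.lower()][m.group(1)] += 1
    return sorted(d for d in notes if any(c >= min_files for c in exts[d].values()))

# Constructed sample telemetry for illustration, not captured data.
SAMPLE_EVENTS = [
    {"type": "process", "cmdline": r'"C:\Windows\System32\bcdedit.exe" /set {default} recoveryenabled no'},
    {"type": "process", "cmdline": "wbadmin  DELETE catalog -quiet"},
    {"type": "process", "cmdline": "bcdedit /enum"},                          # benign query
    {"type": "file_create", "path": r"C:\Users\Public\qwzkd.apx"},
    {"type": "file_create", "path": r"C:\Users\Public\Documents\notes.apx"},  # wrong folder
]
SAMPLE_PATHS = [
    r"D:\work\README.html", r"D:\work\a.docx.kzpvmhq", r"D:\work\b.xlsx.kzpvmhq",
    r"D:\work\c.pdf.kzpvmhq", r"D:\dl\README.html", r"D:\dl\movie.torrent",
]
```
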