
A surge in Magniber ransomware attacks is affecting home users worldwide.


A massive Magniber ransomware campaign is underway, encrypting the devices of home users around the world and demanding thousands of dollars in ransom for a decryptor.

Magniber started in 2017 as a successor to Cerber ransomware when it was spotted being distributed using the Magnitude attack toolkit.

Since then, the ransomware operation has seen an explosion of activity over the years, with threat actors using a variety of methods to distribute Magniber and encrypt devices. These tactics include using Windows zero-day vulnerabilities, fake Windows and browser updates, and Trojanized software cracks and keygens.

Unlike larger ransomware attacks, Magniber primarily focuses on individual users who download the malware and run it on their home or small business systems.

In 2018, AhnLab released a decryptor for the Magniber ransomware. However, it no longer works, as the threat actors fixed the bug that allowed free decryption of files.

The ongoing Magniber campaign

Since July 20, BleepingComputer has seen an increase in the number of Magniber ransomware victims seeking help on our forums.

Ransomware identification website ID-Ransomware has also seen an increase in interest, with nearly 720 reports registered on the site since July 20, 2024.

While it is unclear how victims become infected, BleepingComputer has received reports from several victims that their device was encrypted after running cracks or keygens, a method used by cybercriminals in the past.

Once executed, the ransomware encrypts files on the device and appends a random 5-9 character extension, such as .oaxysw or .oymtk, to the encrypted filenames.

The ransomware will also create a ransom note called READ_ME.htm, which will contain information about what happened to the person’s files, as well as a unique URL to a Tor website where the criminal demands the ransom.

Magniber's Ransom Note
Source: BleepingComputer
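The two on-disk indicators described above (a READ_ME.htm note and a shared random 5-9 character extension appended to existing filenames) can be checked over a file listing. The following is an added example, not code from BleepingComputer; the function names, the `min_hits` threshold and the lowercase-letters-only pattern (inferred from .oaxysw and .oymtk) are assumptions.

```python
import os
import re
from collections import Counter
from pathlib import PurePath

NOTE_NAME = "read_me.htm"                   # ransom note name given in the article
RANDOM_EXT = re.compile(r"^\.[a-z]{5,9}$")  # assumption: lowercase letters only

def triage(paths, min_hits=3):
    """Return (suspect_extension, hit_count, dirs_with_note) for a file listing.

    A file is a hit when a 5-9 letter extension is appended to a name that
    already has an extension (report.docx.oaxysw). The extension is reported
    only if at least min_hits files share it and a READ_ME.htm note exists.
    """
    ext_hits = Counter()
    note_dirs = set()
    for raw in paths:
        p = PurePath(raw)
        if p.name.lower() == NOTE_NAME:
            note_dirs.add(str(p.parent))
            continue
        suffixes = p.suffixes
        if len(suffixes) >= 2 and RANDOM_EXT.match(suffixes[-1]):
            ext_hits[suffixes[-1]] += 1
    if not note_dirs or not ext_hits:
        return None, 0, sorted(note_dirs)
    ext, count = ext_hits.most_common(1)[0]
    if count < min_hits:
        return None, count, sorted(note_dirs)
    return ext, count, sorted(note_dirs)

def list_files(root):
    """Walk a real directory tree and yield file paths for triage()."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            yield os.path.join(dirpath, name)

# Constructed sample listing (not real victim data).
SAMPLE = [
    "home/ann/docs/READ_ME.htm",
    "home/ann/docs/taxes.xlsx.oaxysw",
    "home/ann/docs/cv.docx.oaxysw",
    "home/ann/pics/cat.jpg.oaxysw",
    "home/ann/pics/READ_ME.htm",
    "home/ann/src/app.test.config",   # benign double extension, seen once
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

To scan a real profile, pass `list_files(path)` to `triage()`; a non-`None` extension means the machine should be isolated and the affected directories preserved for recovery from backup.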

Since Magniber typically targets consumers, ransom demands start at $1,000 and increase to $5,000 if a Bitcoin payment is not made within three days.

Magniber payment page
Source: BleepingComputer

Unfortunately, there is no way to decrypt files encrypted by current versions of Magniber for free.

It is highly recommended to avoid software cracks and keygens, as using them is not only illegal but also a common method of distributing malware and ransomware.

Victims of a ransomware attack can use the dedicated Magniber help topic to get help or answers to questions.