Windows 10 exploited to deliver ransomware to households


Threat actors are after individual consumers, disguising ransomware as fake antivirus or Windows software updates and demanding $2,500 in bitcoin to restore access.

So-called big game hunting ransomware attacks typically target high-value organizations, with threat actors hoping to harvest millions of dollars in a single attack.


Worryingly, the HP Wolf Security Threat Research Team recently noticed ransomware gangs pursuing smaller targets as well.

In September, researchers uncovered an attack vector where an individual user is prompted to install an "important" antivirus or Windows 10 software update.

The user is asked to download a ZIP file containing a JavaScript file that delivers Magniber, a single-client ransomware family known to demand $2,500 in bitcoin in exchange for restored access to the encrypted files.

"It uses local privilege escalation to allow hackers to take full control of systems without the user's authority, ultimately encrypting files and redirecting users to a webpage demanding the ransom," the HP Wolf Security blog reads.

The attackers used clever techniques to avoid detection and bypass antivirus software, such as running malicious code in memory rather than dropping the payload on disk.

"Users can reduce risk by making sure updates are only installed from trusted sources, checking URLs to ensure official vendor websites are used, and backing up data regularly to minimize the impact of a potential data breach," Patrick Schläpfer, malware analyst at HP Wolf Security, said.
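A check for the delivery pattern described above (a downloaded ZIP archive carrying a JavaScript file presented as an update), as an added example that is not code from the article or from HP Wolf Security. The extension list and file names are assumptions, and the sample archives are constructed with placeholder content.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions that Windows hands to a script host when double-clicked.
# This list is an assumption for the example, not taken from the article.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}


def script_members(zip_bytes):
    """Return names of archive members that Windows would run as scripts."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Windows drops trailing dots and spaces from file names on
            # extraction, so strip them before reading the extension.
            name = info.filename.replace("\\", "/").rstrip(". ")
            # Only the final suffix decides the handler ("x.pdf.JS" is a script).
            if PurePosixPath(name).suffix.lower() in SCRIPT_EXTENSIONS:
                flagged.append(info.filename)
    return flagged


def build_sample(members):
    """Build a constructed ZIP in memory from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, data in members.items():
            archive.writestr(name, data)
    return buf.getvalue()


# Constructed samples: harmless placeholder content, hypothetical names.
SUSPICIOUS = build_sample({
    "readme.txt": b"placeholder",
    "Antivirus_Update_EXAMPLE.pdf.JS": b"// placeholder, not real code",
})
BENIGN = build_sample({"setup/readme.txt": b"placeholder",
                       "setup/app.msi": b"\x00"})

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        hits = script_members(blob)
        print(label, "->", hits if hits else "no script members")
```

Legitimate antivirus and Windows updates are not shipped as script files inside a ZIP, so any hit on an archive claiming to be one is worth quarantining before a user opens it.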
