Police, Cyber Security Agency warn of ransomware in form of Windows OS update

The ransomware variant locks up victims' data and then demands a ransom from those who inadvertently download it. PHOTO: BLEEPINGCOMPUTER.COM

SINGAPORE - The police and the Cyber Security Agency of Singapore (CSA) have jointly warned of a ransomware variant that masquerades as a Windows operating system update.

The fake update locks up victims' data and then demands a ransom from those who inadvertently download it.

Called Magniber, it gives attackers access to victims' personal data, such as details of their bank accounts and social media accounts, which the attackers can then use to steal money or impersonate the victims.

Downloading it through a fake Windows OS update link, a pop-up ad or an e-mail file from an unknown sender leads to a ransom note being displayed.

The attackers demand payment in the form of cryptocurrencies such as Bitcoin if victims want to regain access to their data.

Attackers might also gain access to photos and videos stored in the victims' devices, which can in turn be leveraged to scam or extort money from victims.

In more egregious cases, attackers would even be able to gain remote control of their victims' devices.

The police and CSA said members of the public should be wary of the ransomware, and make sure their mobile phones, computers and other devices are updated regularly with the latest OS versions from official and verified sources.

People should install antivirus applications that can detect and remove malware, and back up their data regularly in a separate, offline system that remains accessible even during a ransomware attack.

They should also avoid clicking on pop-up ads or opening files from unknown senders.

The police and CSA said they do not recommend paying the ransom as it does not guarantee that the data would be decrypted as promised and would also encourage attackers to continue their criminal activities.

Victims should lodge a police report immediately and can visit this website to check if there are readily available decryptors as a possible solution.

The Magniber ransomware variant first spread through Internet Explorer, before moving to other Internet browsers such as Microsoft Edge and Chrome late last year and this year.
