Magniber ransomware spreads by exploiting IE vulnerabilities
dl25 Security has detected a cybercrime group using two high-risk Internet Explorer vulnerabilities, patched by Microsoft in March and September, to build malicious advertisement pages that then download the Magniber ransomware.
Magniber ransomware originally focused on South Korea but has since spread to other countries and regions in Asia. The gang specialises in exploit kits that target browser components and distributes the ransomware mainly through malvertising chains. When the ransomware runs, it encrypts files, deletes the volume shadow copies (removing the easy local recovery path) and displays a ransom note. Encrypted files cannot be decrypted without the key, and because the attack is delivered through ordinary advertisement pages it can affect government, enterprise and personal computers alike.
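The shadow-copy deletion step described above is the one behaviour in that chain a defender can alert on from process telemetry before encryption is finished, and it is not specific to Magniber. The following is an added example, not code from the article or from dl25: it runs a small set of detection rules over constructed Sysmon-style process-creation records. The record layout, the command lines and the paths are assumptions made for the illustration; the article does not give Magniber's exact command line, so the rules cover the common shadow-copy deletion variants rather than one sample.

```python
import re
from dataclasses import dataclass

# Constructed process-creation records in a Sysmon Event ID 1 style
# (Key=Value fields separated by "|"). They are made up for this example and
# are not telemetry from the sample described in the article.
SAMPLE_EVENTS = [
    'EventID=1|Image=C:\\Windows\\System32\\vssadmin.exe'
    '|CommandLine=vssadmin.exe delete shadows /all /quiet'
    '|ParentImage=C:\\Users\\user\\AppData\\Local\\Temp\\dropper.exe',
    'EventID=1|Image=C:\\Windows\\System32\\wbem\\WMIC.exe'
    '|CommandLine=wmic shadowcopy delete'
    '|ParentImage=C:\\Windows\\System32\\cmd.exe',
    'EventID=1|Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe'
    '|CommandLine=powershell -nop -c "Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_.Delete() }"'
    '|ParentImage=C:\\Windows\\System32\\cmd.exe',
    # Benign: listing shadow copies is routine administration and must not alert.
    'EventID=1|Image=C:\\Windows\\System32\\vssadmin.exe'
    '|CommandLine=vssadmin.exe list shadows'
    '|ParentImage=C:\\Windows\\System32\\cmd.exe',
    # Not a process-creation event at all; ignored by the detector.
    'EventID=3|Image=C:\\Program Files\\Internet Explorer\\iexplore.exe'
    '|DestinationIp=203.0.113.10|DestinationPort=443',
]

# Generic shadow-copy deletion patterns (MITRE ATT&CK T1490, Inhibit System
# Recovery). These are the common variants, not a signature for one sample.
SHADOW_DELETION_RULES = [
    ("vssadmin_delete_shadows",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I)),
    ("vssadmin_resize_shadowstorage",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\b.*\bshadowstorage\b", re.I)),
    ("wmic_shadowcopy_delete",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("wmi_win32_shadowcopy_delete",
     re.compile(r"win32_shadowcopy.*\bdelete\b", re.I)),
]


@dataclass
class Alert:
    rule: str
    image: str
    command_line: str
    parent_image: str


def parse_event(line: str) -> dict:
    """Split a Key=Value|Key=Value record into a dict.

    The split only happens at a '|' that is directly followed by a field name
    and '=', so a literal pipe inside a command line (the PowerShell sample
    above) stays part of the CommandLine value.
    """
    fields = {}
    for chunk in re.split(r"\|(?=[A-Za-z]+=)", line):
        key, _, value = chunk.partition("=")
        fields[key] = value
    return fields


def detect_shadow_copy_deletion(lines) -> list:
    """Return one Alert per process-creation event whose command line matches
    a shadow-copy deletion rule. Each event is reported at most once, under
    the first rule that matches."""
    alerts = []
    for line in lines:
        event = parse_event(line)
        if event.get("EventID") != "1":
            continue
        cmd = event.get("CommandLine", "")
        for name, pattern in SHADOW_DELETION_RULES:
            if pattern.search(cmd):
                alerts.append(Alert(name, event.get("Image", ""), cmd,
                                    event.get("ParentImage", "")))
                break
    return alerts


if __name__ == "__main__":
    for alert in detect_shadow_copy_deletion(SAMPLE_EVENTS):
        print(f"[{alert.rule}] {alert.image} <- {alert.parent_image}")
        print(f"    {alert.command_line}")
```

Run against the constructed records this flags the three deletion commands and leaves the `vssadmin list shadows` and network events alone. The parent image is kept in the alert because, in a malvertising chain like the one described here, the process that deletes shadow copies is typically spawned from a dropper in a user-writable directory rather than from an administrator's console, which is the first thing a responder will want to see.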
The latest sample intercepted by dl25 exploits two high-risk IE-related vulnerabilities from a web page: a vulnerable system that opens the advertisement page runs the malicious code and downloads the ransomware. The first, the MSHTML remote code execution vulnerability CVE-2021-40444, was fixed in Microsoft's September security update and carries a CVSS score of 8.8 (high severity). MSHTML is the rendering engine used by Internet Explorer and by other Windows components that embed it, so exposure is not limited to users who browse with IE. A second attack sample exploits the Internet Explorer memory corruption vulnerability CVE-2021-26411, fixed by Microsoft in March this year, also scored 8.8. By the time Microsoft published both fixes, exploitation in the wild had already been detected and detailed exploit write-ups for both vulnerabilities were public, so unpatched systems are exposed to low-effort, copied attacks.
dl25 Computer Manager and dl25 Zero Trust iOA both detect and block malicious web pages that exploit these IE vulnerabilities, and detect and remove the related malicious samples.
dl25 security experts recommend that users patch known vulnerabilities promptly to avoid such attacks. Patches can be installed through Windows Update or through the vulnerability repair function of dl25 Computer Manager and dl25 Zero Trust iOA.
Users whose files have already been encrypted can restore them through the Document Guardian feature built into dl25 Computer Manager.