Alex TSK 0 Posted August 27, 2018
My computer was attacked by the virus Filecoder.Magniber Trojan... and it encrypted a lot of files such as MS Office documents, Excel, PDF, and DBF files, which I have not been able to resolve. I have attached some encrypted files for your analysis and hope you can resolve the files shortly.
Alex TSK 0 Author Posted August 28, 2018
I am using NOD32 version 4 on Windows 7.
Alex TSK 0 Author Posted August 28, 2018
I did check on the internet and could not find any tools to recover the encrypted files. Hope ESET can deploy the tools shortly.
itman 1,799 Posted August 28, 2018
10 hours ago, Alex TSK said: I am using NOD32 version 4 on Windows 7.
You need to upgrade to the latest version of NOD32, which gives enhanced protections against ransomware. Additionally, if you upgrade to Win 10, Eset will provide enhanced protection against script-based malware. Note that many ransomware are delivered via scripts, namely PowerShell ones.
Administrators Marcos 5,441 Posted August 28, 2018
Unfortunately, files encrypted by Filecoder.Magniber cannot be decoded. As already suggested, uninstall v4 and install the latest version (home v.11.2.49 or Endpoint v7) for better protection. Also make sure to harden RDP (e.g. allow it only for internal connections and use VPN, use 2FA, etc.).
Cousin Vinny 6 Posted August 28, 2018
11 hours ago, Alex TSK said: I did check on the internet and could not find any tools to recover the encrypted files. Hope ESET can deploy the tools shortly.
There is a decryptor tool for Magniber available at https://gist.github.com/evilsocket/b89df665e6d52446e3e353fc1cc44711
You will have to know the AES key in order to use this tool to decrypt your files.
The full analysis of this threat can be found at https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/
Alex TSK 0 Author Posted August 29, 2018
Hello Cousin Vinny,
Thanks for your information. Which language platform should I use to execute the code and try it?
Best Regards,
Alex
itman 1,799 Posted August 29, 2018
Per the latest postings on the bleepingcomputer.com Magniber ransomware section here: https://www.bleepingcomputer.com/forums/t/660547/magniber-ransomware-help-topic-read-me-for-decrypt-idtxt-my-deccryptor/?hl=%2Bmagniber#entry4534648 , the latest versions of it are not decryptable.
Edited August 29, 2018 by itman