Alex TSK 0 Posted August 27, 2018 Share Posted August 27, 2018 My computer was attacked by virus Filecoder.Magniber Trojan... and encrypted a lot of files such as ms office documents, excel, PDF, dbf files which I could not able to resolve the files. I am attached some encrypted files for your analysis and hope you can resolve the files shortly. Link to comment Share on other sites More sharing options...
itman 1,630 Posted August 27, 2018 Share Posted August 27, 2018 Do you use a an existing version of Eset? Link to comment Share on other sites More sharing options...
Alex TSK 0 Posted August 28, 2018 Author Share Posted August 28, 2018 I am using NOD32 version 4 on windows 7. Link to comment Share on other sites More sharing options...
Alex TSK 0 Posted August 28, 2018 Author Share Posted August 28, 2018 I did check on internet and could not found and tools recover the encrypted files. Hope ESET can deploy the tools shorty. Link to comment Share on other sites More sharing options...
itman 1,630 Posted August 28, 2018 Share Posted August 28, 2018 10 hours ago, Alex TSK said: I am using NOD32 version 4 on windows 7. You need to upgrade to the latest version of NOD32 which gives enhanced protections against ransomware. Additionally if you upgrade to Win 10, Eset will provided enhanced protection against script based malware. Note that many ransomware are delivered via scripts namely PowerShell ones. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,935 Posted August 28, 2018 Administrators Share Posted August 28, 2018 Unfortunately, files encrypted by Filecoder.Magniber cannot be decoded. As already suggested, uninstall v4 and install the latest version (home v.11.2.49 or Endpoint v7) for better protection. Also make sure to harden RDP (e.g. allow it only for internal connections and use VPN, use 2FA, etc.). Link to comment Share on other sites More sharing options...
Cousin Vinny 6 Posted August 28, 2018 Share Posted August 28, 2018 11 hours ago, Alex TSK said: I did check on internet and could not found and tools recover the encrypted files. Hope ESET can deploy the tools shorty. There is a decryptor tool for Magniber available at https://gist.github.com/evilsocket/b89df665e6d52446e3e353fc1cc44711 You will have to know the AES Key in order to use this tool to decrypt your files. The full analysis of this threat can be found at https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/ Link to comment Share on other sites More sharing options...
Alex TSK 0 Posted August 29, 2018 Author Share Posted August 29, 2018 Hello Cousin Vinny, Thanks for your information. Which language platform should I use for exec the codes and try? Best Regards, Alex Link to comment Share on other sites More sharing options...
itman 1,630 Posted August 29, 2018 Share Posted August 29, 2018 (edited) Per the latest postings on the bleepingcomputer.com Magniber ransomware section here: https://www.bleepingcomputer.com/forums/t/660547/magniber-ransomware-help-topic-read-me-for-decrypt-idtxt-my-deccryptor/?hl=%2Bmagniber#entry4534648 , the latest versions of it are not decryptable. Edited August 29, 2018 by itman Link to comment Share on other sites More sharing options...
Recommended Posts