Jump to content

Virus attacked by Filecoder.Magniber Trojan


Recommended Posts

My computer was attacked by  virus Filecoder.Magniber Trojan... and encrypted a lot of files such as ms office documents, excel, PDF, dbf files which I could not able to resolve the files. 

I am attached some encrypted files for your analysis and hope you can resolve the files shortly.

 

 

Link to comment
Share on other sites

10 hours ago, Alex TSK said:

I am using NOD32 version 4 on windows 7. 

You need to upgrade to the latest version of NOD32 which gives enhanced protections against ransomware. Additionally if you upgrade to Win 10, Eset will provided enhanced protection against script based malware. Note that many ransomware are delivered via scripts namely PowerShell ones.

Link to comment
Share on other sites

  • Administrators

Unfortunately, files encrypted by Filecoder.Magniber cannot be decoded. As already suggested, uninstall v4 and install the latest version (home v.11.2.49 or Endpoint v7) for better protection. Also make sure to harden RDP (e.g. allow it only for internal connections and use VPN, use 2FA, etc.).

Link to comment
Share on other sites

11 hours ago, Alex TSK said:

I did check on internet and could not found and tools recover the encrypted files. Hope ESET can deploy the tools shorty.

There is a decryptor tool for Magniber available at https://gist.github.com/evilsocket/b89df665e6d52446e3e353fc1cc44711

You will have to know the AES Key in order to use this tool to decrypt your files.

The full analysis of this threat can be found at https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/

Link to comment
Share on other sites

Per the latest postings on the bleepingcomputer.com Magniber ransomware section here: https://www.bleepingcomputer.com/forums/t/660547/magniber-ransomware-help-topic-read-me-for-decrypt-idtxt-my-deccryptor/?hl=%2Bmagniber#entry4534648 , the latest versions of it are not decryptable.

Edited by itman
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...