Magniber targets Windows OS and is distributed via the Magnitude exploit kit. Although this is a different and unique ransomware variant, some analysts believe that Magniber is a successor to the Cerber variant, as its payment system and the files it targets in its encryption process are the same. Initial samples demonstrate that Magniber only targets Korean-speaking users and, if it does not detect Korean language on the infected system, it will terminate its processes and not encrypt any files. If it does detect the Korean language, it will search for files to encrypt and append either .ihsdj, .kgpvwnr, or .dxjay to the file names. It also drops a ransom note named READ_ME_FOR_DECRYPT_[id].txt. Magniber demands a ransom payment amount of 0.2 Bitcoin.

4/3/2018: Security researchers from AhnLab have released decrypters for numerous versions of the Magniber ransomware.

7/16/2018: Magniber ransomware is now capable of infecting users who have their PC language set to Chinese or Malay. The malware was originally developed to target only victims in South Korea; however, recently discovered updates in the ransomware’s code suggest that the malware's authors are expanding their targeting. The new version of Magniber appends .dyaaghemy to the names of encrypted files. At the time of writing, there is no free decryption tool available for this version of Magniber.

  • Trend Micro provides more information about Magniber here.
  • AhnLab provides decryptors for several versions of the Magniber ransomware on their website located here and here