Magniber targets the Windows operating system and is distributed via the Magnitude exploit kit. Although it is a distinct ransomware variant, some analysts believe that Magniber is a successor to the Cerber variant, as its payment system and the files it targets for encryption are the same. Initial samples demonstrate that Magniber only targets Korean-speaking users: if it does not detect the Korean language on the infected system, it terminates its processes and does not encrypt any files. If it does detect the Korean language, it searches for files to encrypt and appends either .ihsdj or .kgpvwnr to the file names. It also drops a ransom note named READ_ME_FOR_DECRYPT_[id].txt. Magniber demands a ransom payment of 0.2 Bitcoin.

  • Trend Micro provides more information about Magniber here.
  • The NJCCIC is not currently aware of any free decryption tools for Magniber. However, analysts on the Bleeping Computer forums may be able to assist victims with infections. If you are infected, please contact them here.
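
For responders scoping an infection, the file-system artifacts described above (the two appended extensions and the ransom note name) can be checked against a file listing. The following is an added example, not part of the original profile or any vendor tooling. The function names, the sample paths and the case-insensitive matching are assumptions, and because the profile does not document the format of [id], any non-empty token is accepted.

```python
import re
from collections import defaultdict

# Indicators taken from the profile above.
ENCRYPTED_EXTS = (".ihsdj", ".kgpvwnr")
# Note name per the profile: READ_ME_FOR_DECRYPT_[id].txt. The id format is
# not documented there, so any non-empty token is accepted (assumption).
NOTE_RE = re.compile(r"^READ_ME_FOR_DECRYPT_(?P<id>.+)\.txt$", re.IGNORECASE)


def classify(name):
    """Return ('note', id), ('encrypted', original_name) or None."""
    m = NOTE_RE.match(name)
    if m:
        return ("note", m.group("id"))
    lower = name.lower()  # Windows file names are case-insensitive
    for ext in ENCRYPTED_EXTS:
        # The extension is appended, so stripping it recovers the original name.
        if lower.endswith(ext) and len(name) > len(ext):
            return ("encrypted", name[: -len(ext)])
    return None


def triage(paths):
    """Group indicator hits by directory from an iterable of file paths."""
    report = defaultdict(lambda: {"ids": set(), "encrypted": []})
    for path in paths:
        # Normalise separators so listings exported from Windows parse anywhere.
        directory, _, name = path.replace("\\", "/").rpartition("/")
        hit = classify(name)
        if hit is None:
            continue
        kind, value = hit
        if kind == "note":
            report[directory]["ids"].add(value)
        else:
            report[directory]["encrypted"].append(value)
    return dict(report)


# Constructed sample listing (not from a real incident).
SAMPLE = [
    r"C:\Users\kim\Documents\budget.xlsx.ihsdj",
    r"C:\Users\kim\Documents\READ_ME_FOR_DECRYPT_EXAMPLEID.txt",
    r"C:\Users\kim\Pictures\trip.jpg.kgpvwnr",
    r"C:\Users\kim\Pictures\notes.txt",
]

if __name__ == "__main__":
    for d, info in sorted(triage(SAMPLE).items()):
        print(d, sorted(info["ids"]), info["encrypted"])
```

The per-directory list of recovered original names gives a quick inventory of what needs restoring from backup, and the note ids show whether more than one infection instance touched the same share.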