Currently the known extensions are: .ihsdj & .kgpvwnr
The TOR payment site for Magniber is called "My Decryptor".
Posted 18 October 2017 - 01:35 PM
Posted 19 October 2017 - 12:35 AM
As a South Korean, I am triggered now!
My colleague was hit by CRBR, probably v5 or v6, for which I am aware there's no decryption method.
1. The ransom note in your original article states that the victim ID is the subdomain of the Tor browser.
Is "oc77-----" your ID when testing this ransomware?
2. Refer to my comment on the original article:
"So are you saying now Cerber has two successors?
Cerber - Crbr
Cerber - Magniber
Or is Crbr simply another name for Cerber as of version 3?"
Edited by samwiseOrgin, 19 October 2017 - 12:36 AM.
Posted 19 October 2017 - 10:01 AM
Posted 19 October 2017 - 07:51 PM
Mr. Abrams, please refer to my comment in your article. I don't know if this goes for all ransomware, but all Magniber victims show the symptom of a window notification saying "Not able to find ihsdj.exe..... kgpvwnr.exe... or fprgbk.exe in Temp folder."
Pictures to follow. (Be advised, all are in the Korean language. I will highlight the significance with blue marks.)
Edited by samwiseOrgin, 19 October 2017 - 10:02 PM.
Posted 21 October 2017 - 04:22 PM
Posted 09 November 2017 - 09:30 PM
Updates on the extensions of Magniber Ransomware follow:
ihsdj & .kgpvwnr, madrcby / jdakuzbrk / ymdmf / vbdrj / fprgpk / iupgujqm / skvtb / Ihjjnetmm
The list of extensions will be updated at my convenience.