Serious Vulnerability with Google Chrome and Microsoft Edge

What has happened?

A massive cyberattack campaign is spreading ransomware through fake Windows OS updates. The Singapore Police Force (SPF) and Cyber Security Agency of Singapore (CSA) have issued a joint advisory warning the public to stay vigilant.

The ransomware, known as Magniber, is distributed through fake websites offering illegal or pirated software downloads. Once installed, it encrypts files on the victim's system and demands a ransom, to be paid in cryptocurrency such as Bitcoin, to regain access. Attackers may also gain access to the victim's confidential information and extort an additional ransom in exchange for not divulging it publicly.

Sample Magniber ransomware screen warning (Source: www.neowin.net)

 

What do I need to do?

As of now, there are no known cases of this ransomware in NUS, but as this campaign primarily targets individual consumers rather than enterprises, please do the following to avoid falling prey:

1. Back up your data regularly. It is recommended to use nBox to do this.
2. Only download and install software and updates from official sources.
3. Ensure that your mobile devices, PCs and notebooks are updated with the latest OS versions.
4. For PCs and notebooks, ensure that anti-virus (AV) software is running and updated with the latest virus signatures. All staff should install and use the official AV, Trend Micro Apex One.
5. Look out for phishing emails and do not click on suspicious links or open suspicious attachments.

 

What if I have fallen prey?

In the unfortunate event that you detect or think that your system has been infected with the ransomware, please do the following:

1. Power off your machine immediately.
2. Disconnect your machine from the network (by turning off WiFi or unplugging the network cable).
3. Disconnect all external storage devices (flash drives, external hard drives).
4. Report to NUS IT Care at 6516 2080 or ITCare@nus.edu.sg immediately.

Most importantly, DO NOT PAY the ransom, as there is no guarantee that you will regain access to your data and it emboldens attackers to continue with their criminal activity and target more victims.

 

For more information

Here is the official advisory from CSA/SPF:
https://www.csa.gov.sg/en/singcert/Advisories/ad-2022-006

Please contact NUS IT Care at 6516 2080 or ITCare@nus.edu.sg should you have any queries.