Magniber’s Missteps: Because Even Spiders Trip Over Their Own Web


Watch the recording from Virus Bulletin 2023 with Amata Anantaprayoon & Patrik Olson

Ransomware attacks are on the rise, and one group, Magniber, has been causing financial havoc since 2017. In the last six months, they managed to extort about GBP 370,000 from victims. Despite their focus on creating sophisticated attacks, they forgot to protect their own systems. Our Security Analysts, Amata Anantaprayoon & Patrik Olson, will walk you through how we uncovered mistakes in Magniber’s setup.

It all started with a poorly configured web server and the accidental exposure of their code. This led us to understand how they deliver the ransomware and who their targets are. We also found a misconfigured log server, exposing data on 80,000 victims and the group’s earnings. Additionally, we discovered RSA private keys crucial for decryption and developed a tool to prove it. We analyzed the risk of key exposure and created a clear diagram of Magniber’s infrastructure. For everyone’s awareness and defense, we’re sharing key indicators of compromise.


For more Threat Intelligence, download the 2023 Global Threat Intelligence Report