SentinelOne Vs. Magniber Ransomware – Mitigation and Rollback

See how SentinelOne mitigates and rolls back Magniber. Magniber Ransomware has been seen in the wild since early 2017, primarily focusing on targets in and around South Korea delivered by Magnitude Exploit Kit. However, more recent versions (from early 2021 forward) have relied on direct delivery methods (phishing/watering hole attacks).

Additionally, Magniber has been quick to embrace other vulnerabilities in the past. Recently, Magniber’s feature set was updated to include exploitation of PrintNightmare. PrintNightmare is a remote code execution vulnerability present in the Windows Spooler Service. This particular flaw allows unprivileged users a very convenient avenue to escalate privileges and increase their impact on targeted systems.

The ransomware also leveraged CVE-2019-1367 (Scripting Engine) and CVE-2018-8174 (Windows VBScript Engine).

#ransomware #cybersecurity #infosec #magniber #exploit #printnightmare