Detect magniber ransomware

Magniber Ransomware

Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.

Process spawned unexpected child process

This typically indicates the parent process was compromised via an exploit or macro.

Modifies boot configuration data using bcdedit

Deletes System State backups

Uses wbadmin.exe to inhibit system recovery.

Deletes backup catalog

Uses wbadmin.exe to inhibit system recovery.

Modifies Installed Components in the registry

Modifies extensions of user files

Ransomware generally changes the extension on encrypted files.