Cyber security experts have warned that Magnitude EK, a ransomware exploit kit, has increased its focus on Asia-Pacific countries in the last 12 years.

The kit has been found spreading ransomware through malvertising, that is, advertisements that carry malware to lure victims into the trap.

The compromised systems come under the control of the hackers, who can lock the data and demand huge amounts to release it.

Though the kit is not new, cyber security experts see a spurt in activity and an increased focus on countries in the APAC region.

Using the exploit kit, the hackers could successfully spread malware through online advertisements.

“Magnitude EK is one of the longest-standing exploit kits. It was on offer in underground forums from 2013 and later became a private exploit kit,” a cyber security expert at Kaspersky has said.

He said the campaign continues to target APAC countries to this day, and during the last year, Magnitude EK was always seen using its own ransomware as a final payload.

“Like the majority of exploit kits out there, in 2019 Magnitude EK used CVE-2018-8174. However, the attackers behind Magnitude EK were one of the first to adopt the much newer vulnerability CVE-2019-1367. They have been using it as their primary exploit since February 11, 2020,” he said.

Magnitude EK uses its own ransomware as its final payload. The ransomware comes with a temporary encryption key and a list of domain names, which the attackers change frequently. After the system is compromised, a ransom note is left in each folder with encrypted files, and at the end a notepad.exe process is created to display the ransom note.

“After encryption the ransomware also attempts to delete backups of the files,” he added.

How to address the challenge

The Kaspersky official asked users to regularly update the operating systems and software on their devices.

“Storing back-up for important data is a basic step that needs to be taken especially by enterprises and government institutions in order to fight against attacks like ransomware,” Dipesh Kaura, General Manager for South Asia, Kaspersky, said.

He also asked users to install security updates regularly. “They should also migrate to a newer Operating System,” he said.