The ransomware primarily targets South Korean victims and is distributed via the Magnitude exploit kit. The malware uses AES encryption and uses four domains for callback to command and control servers. The gang ceases all activity starting in 2019 before launching new campaigns in the summer of 2021. After an absence of about 6 months, Magniber reappears in February 2022. In April, the ransomware is distributed via fake Windows 10 updates.