Ransomware Impersonates Microsoft Update


From CNET:

With the end of support for Windows 7 coming in January, many users are looking to update to Windows 10 to continue getting security updates and support from Microsoft. According to a Tuesday report from security firm Trustwave, attackers are well aware of this and are targeting Microsoft users with fake Windows update emails that will infect computers with ransomware — an especially sinister type of malware that locks up valuable data on your computer, and demands that you pay a ransom to release it or your data will be destroyed.

The spammers are sending some Windows users emails with subject lines “Install Latest Microsoft Windows Update now!” or “Critical Microsoft Windows Update!” The emails, which claim to be from Microsoft, include one sentence in the message body, which starts with two capital letters, Trustwave found. They ask recipients to click an attachment to download the “latest critical update.”

The attachment has a .jpg file extension, but is actually a malicious .NET downloader, which will deliver malware to your machine. The ransomware, called bitcoingenerator.exe, encrypts the recipient’s files, and leaves a ransom note titled “Cyborg_DECRYPT.txt” on their desktop, asking for $500 in bitcoin to unlock the files.

Most ransomware attacks come in through email, so users should be wary of opening any email attachment or link from an unknown sender, even if it seems to be from a reputable company (hackers impersonate Microsoft more than any other brand when sending spam emails, a May report from Vade Secure found). Misspelled words or poor formatting are often clues of an attack.

Read the full article at CNET.


About Author

Comments are closed.