Beware of Windows 10 Ransomware Campaign That Locks You Out of Your PC
Earlier this week, Microsoft released the highly-anticipated Windows 10 to the general public. More than 67 million people have already installed the latest desktop OS on their computers, and a lot more are still queuing up to receive the update.
Microsoft is rolling out the update in multiple waves, and a new ransomware campaign is taking advantage of that roll-out strategy: it has started to circulate in the wild, tricking users into downloading and installing malicious files on their PCs instead.
The Cisco Talos team is warning users about this new phishing attack, which is distributed through carefully crafted emails inviting users to install Windows 10 Free Update. The email comes disguised as an official release from Microsoft, with the originating address spoofed to read as firstname.lastname@example.org, although the sender’s IP address can be traced back to Thailand.
Moreover, the attackers use a color and font scheme similar to the one used by the company, with the aim of fooling users into believing that the email is legitimate.
However, as Cisco points out, there are some minor text inconsistencies and formatting errors that should make users suspicious.
The attachment included in the emails is a ZIP archive that contains an executable, which delivers the payload, CTB-Locker. The payload is a ransomware variant, and if installed, it locks down all the files, along with all the devices connected to the computer.
Victims are then given only 96 hours to pay the ransom if they wish to have access to their data again.
The attackers are making use of Tor and Bitcoin “to remain anonymous and quickly profit from their malware campaigns with minimal risk,” Cisco notes.
The firm recommends that users back up their PCs on a regular basis. Also, make sure to use an up-to-date antivirus scanner, and update your computer through the built-in Windows Update feature.