Updating to Windows 10? Don’t fall victim to this spam email attack.
With the end of support for Windows 7 coming in January, many users are looking to update to Windows 10 to continue getting security updates and support from Microsoft. According to a report from Trustwave, attackers are well aware of this and are targeting Microsoft users with fake Windows update emails that will infect computers with ransomware. Their goal is to lock up valuable data on your computer and demand that you pay a ransom to release it or your data will be destroyed.
The spammers are sending some Windows users emails with subject lines “Install Latest Microsoft Windows Update now!” or “Critical Microsoft Windows Update!” The emails, which claim to be from Microsoft, include one sentence in the message body. They ask recipients to click an attachment to download the “latest critical update.”
The attachment has a .jpg file extension but is actually a malicious .NET downloader, which will deliver malware to your machine. The ransomware encrypts the recipient’s files and leaves a ransom note titled “Cyborg_DECRYPT.txt” on their desktop, asking for $500 in bitcoin to unlock the files.
Where is the ransomware coming from?
The ransomware was posted on a Github account, which was active during Trustwave’s investigation but has since been removed. This form of ransomware can be created and spread by anyone who gets hold of the builder. They would then just need to attach it to different types of emails to get through spam filters.
Most ransomware attacks come in through email, so users should be wary of opening any email attachment or link from an unknown sender. This is true even if it seems to be from a reputable company (hackers impersonate Microsoft more than any other brand when sending spam emails, a report from Vade Secure found). Misspelled words or poor formatting are often clues of an attack.
“This is a very common type of phishing attack — where the attacker tries to convince the target to open a malicious attachment,” Karl Sigler, threat intelligence manager of Trustwave SpiderLabs, said. “Windows users should understand that Microsoft will never send patches via email, but rather use their internal update utility embedded in every current Windows operating system. Users should always be wary of any unsolicited emails, especially those that present urgency to open attachments or click on links.”
For more tips, check out Phish Attacks: 6 Steps to Avoid Being a Victim.
Rayome, Alison DeNisco. (2019, November 19). Windows users, beware: This fake update could lock up your PC, or worse. CNET.