New ransomware attack pretends to be a Windows 10 update file
As if installing Windows 10 updates isn’t stressful enough, fake Windows updates can now install ransomware on your computer.
According to researchers at TrustWave, a recently discovered malicious email campaign is scaring users into installing “critical” Windows 10 updates to their computers.
Spoiler warning: it’s actually malware.
After opening the email, users are instructed to open an attachment, which will install the “update”. Hilariously, this attachment is disguised as a .jpg, so it’s immediately apparent that something’s not quite right.
Nevertheless, clicking the attachment downloads a payload from Github, according to TrustWave.
“The file bitcoingenerator.exe will be downloaded from misterbtc2020, a Github account which was active for a few days during our investigation, but is now removed,” it added.
TrustWave found that it’s a typical bitcoin-requesting ransomware called Cyborg that’ll leave a text document on the infected desktop asking to transfer cryptocurrency into a wallet. It also renames all files to a .777 extension.
But perhaps what’s most worrying of all is that anyone can create such malware. TrustWave found that this example was created using a builder tool that can be found on Github too.
Only update Windows 10 via your settings menu
This is so important. Don’t trust any emails prompting you to install updates to your Windows 10 machine, or any other device for that matter. Always use the official Windows 10 update tool in Settings.
More importantly, if you see an email in your inbox with the subject line “Install Latest Microsoft Windows Update now!” or “Critical Microsoft Windows Update!”, just delete it. Immediately.
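For mail administrators, the two signals described above (the subject lines and an attachment that claims to be a .jpg but is not an image) can be checked automatically. The following is an added example, not code from TrustWave or this article; the sample message, addresses and file names are constructed, and it assumes the disguised attachment is a Windows executable recognisable by its "MZ" header.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject lines quoted in the article (compared case-insensitively).
CAMPAIGN_SUBJECTS = {
    "install latest microsoft windows update now!",
    "critical microsoft windows update!",
}
JPEG_MAGIC = b"\xff\xd8\xff"  # first bytes of every JPEG file
PE_MAGIC = b"MZ"              # first bytes of a Windows executable (assumption, see lead-in)


def inspect_message(raw: bytes) -> list[str]:
    """Return the reasons a raw e-mail looks like the fake-update lure."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    subject = str(msg["Subject"] or "").strip().lower()
    if subject in CAMPAIGN_SUBJECTS:
        findings.append("subject matches fake Windows update lure")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # The file name claims an image; the content must agree with it.
        if name.endswith((".jpg", ".jpeg")) and not data.startswith(JPEG_MAGIC):
            kind = "a Windows executable" if data.startswith(PE_MAGIC) else "not a JPEG"
            findings.append(f"attachment {name!r} has an image extension but is {kind}")
    return findings


def build_sample(subject: str, filename: str, body: bytes) -> bytes:
    """Build a constructed test e-mail (not a real capture from the campaign)."""
    m = EmailMessage()
    m["From"] = "updates@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = subject
    m.set_content("Please install the attached update.")
    m.add_attachment(body, maintype="image", subtype="jpeg", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    lure = build_sample("Critical Microsoft Windows Update!", "update.jpg",
                        PE_MAGIC + b"\x90\x00" + b"\x00" * 60)
    for reason in inspect_message(lure):
        print(reason)
```

A message that trips either check is a candidate for quarantine rather than delivery; the content check also catches lures that change the subject line.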
South Africa’s struggles with ransomware in 2019
South African companies and utilities have recently fallen to the malicious advances of ransomware campaigns, including the City of Joburg and Johannesburg’s power provider City Power.
Feature image: Andy Walker/Memeburn