“Fake” Windows 10 Update Installs “Cyborg” Ransomware

The latest Windows 10 November 2019 Update has begun rolling out to users. But some evil minds didn’t waste much time in taking advantage of the situation and are sending infected, fake Windows Updates to users.

A new ransomware campaign has been discovered by the security researchers at SpiderLabs (via TechRadar). The fake Windows Update in question is delivered as an attachment in spam emails.

The researchers note that such emails usually include the subject line “Critical Microsoft Windows Update!” or “Install Latest Microsoft Windows Update now!”


Upon opening the email, all a user can find is a single line of body text along with the fake update file. Although it’s an executable file, it carries .jpg as its extension.
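A mail-gateway style check for the mismatch described above, added here as an illustration and not taken from the SpiderLabs research: it parses a message, reads each attachment's leading bytes, and flags a file named as an image whose content is a Windows PE executable. The attachment name `update.jpg`, the addresses, the body line and the inert byte stubs are constructed for the example.

```python
import email
from email import policy
from email.message import EmailMessage

# Leading bytes expected for each image extension.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS MZ header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    off = int.from_bytes(data[0x3C:0x40], "little")
    return data[off:off + 4] == b"PE\x00\x00"

def suspicious_attachments(raw: bytes):
    """Return (filename, reason) for attachments whose content contradicts their extension."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        ext = name[name.rfind("."):] if "." in name else ""
        if ext not in IMAGE_MAGIC:
            continue
        if is_pe(data):
            findings.append((name, "PE executable with image extension"))
        elif not data.startswith(IMAGE_MAGIC[ext]):
            findings.append((name, "content does not match image extension"))
    return findings

def build_sample(filename: str, payload: bytes) -> bytes:
    """Constructed test message; only the subject line comes from the article."""
    m = EmailMessage()
    m["Subject"] = "Critical Microsoft Windows Update!"
    m["From"] = "sender@example.invalid"
    m["To"] = "user@example.invalid"
    m.set_content("Constructed single-line body.")
    m.add_attachment(payload, maintype="image", subtype="jpeg", filename=filename)
    return m.as_bytes()

# Constructed inert stub: MZ header, e_lfanew = 0x40, PE signature. Not a working program.
FAKE_PE = b"MZ" + b"\x00" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\x00\x00" + b"\x00" * 16
REAL_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16  # constructed JPEG prefix only
```

The declared MIME type (`image/jpeg`) is deliberately ignored, since the sender controls it just as it controls the filename.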

Now, the attached executable file further downloads another executable called bitcoingenerator.exe from a now-defunct GitHub account named misterbtc2020. The second executable contains the payload for the Cyborg ransomware, which then encrypts the files on the victim’s machine and leaves a ransom note on the desktop.


To unlock system files, the Cyborg ransomware demands that the victim send $500 worth of Bitcoin to a wallet address mentioned in the text file.

SpiderLabs researchers also found 3 samples of the Cyborg ransomware already present in the VirusTotal database. There also exists a Cyborg Ransomware Builder that can be used by anyone to create and spread the ransomware, the researchers warn.

All Windows users are advised not to open any such emails and to download the latest updates only via the built-in Windows Update tool.
