Spoofed Win10 update emails carry nasty ransomware

Microsoft is rolling out its free Windows 10 upgrade in phases, which means that some of those who are signed up to receive the new OS have to wait (your author included). It's only human nature that waiting breeds impatience, and some diabolically clever malware makers are taking advantage of the situation. According to a new threat analysis by Cisco, a new crop of scam emails masquerading as a Windows 10 upgrade notification is making the rounds, with an attached "Windows 10 installer" zip file that's actually a variant of the CTB-Locker cryptographic ransomware.

As is usually the case with these types of scams, the email itself contains a variety of malformed characters, questionable grammar, and amateurish-looking assurances that the message has passed a threat scan. If the user ignores all of those cues and downloads and installs the attached executable, the ransomware encrypts a wide swath of personal files and threatens the permanent loss of that information unless the victim pays off the attackers in time.

Cisco recommends that users maintain regular offline backups of their data to avoid falling victim to the attack. We recommend patience and a healthy dose of skepticism while you wait for your Windows 10 upgrade—and when dealing with any suspicious email.

Comments closed
    • Wirko
    • 4 years ago

    Bad guys: We take your money, or we take your data.
    MS Corporation: We take your money, and we take your data.

    • uni-mitation
    • 4 years ago

    [quote]I don't know who you are. I don't know what you want. If you are looking for ransom, I can tell you I don't have money. But what I do have are a very particular set of skills, skills I have acquired over a very long career. Skills that make me a nightmare for people like you. If you [s]let my daughter go[/s] return my prized p-o-r-n collection now, that'll be the end of it. I will not look for you, I will not pursue you. But if you don't, I will look for you, I will find you, and I will kill you.[/quote]

      • Wirko
      • 4 years ago

      Wow, a bold threat from someone who can’t even properly back up his or her prized Linux iso files.

    • Buzzard44
    • 4 years ago

    Whoa, small world! I know those guys – they sit a couple rows over from my cube. I’m gonna have to forward this link and tell them they’re TR famous.

      • Buzzard44
      • 4 years ago

      What about this could have possibly warranted a downvote?

      Oh, maybe I wasn’t clear: I meant the Cisco threat researcher people from the linked article, not the scammers.

    • Techgoudy
    • 4 years ago

    You would have thought that by now the person or “thing” generating these emails would be able to produce full sentences that are error free of spelling and grammatical issues.

      • UnfriendlyFire
      • 4 years ago

      And yet people still keep clicking on the links.

      Doesn’t matter if they drenched Google, Yahoo, Microsoft and other email providers with millions of spam (from a rented bot-net) as long as they get a handful of clicks.

      • Deanjo
      • 4 years ago

      I think the same thing every time I read a Semi-Accurate article.

      • NTMBK
      • 4 years ago

      I read an interesting theory that these “errors” are actually an intentional filter- it reduces your target audience to people who are stupid enough to actually be worth trying to scam.

    • UnfriendlyFire
    • 4 years ago

    At MS help desk:

    “So we got users that lost data during the upgrade process and had no backups, upgrades that crashed or errored during the process, drivers that are SPECIFICALLY for Windows 7 or 8 and nothing else, and lots of other whining users.

    So what’s new now?”

    “Some guy said that we’re holding his data ransom after receiving an upgrade email notification and he’s threatening to call the police on us.”

    “Get me some aspirins and tea.”

    • BillyBuerger
    • 4 years ago

    I never even signed up for the upgrade. I wanted to wait to see how the update was going to be applied before committing to anything. But now that it’s here, I just [url=https://www.microsoft.com/en-us/software-download/windows10]downloaded the ISO[/url] and ran the setup from there. Upgraded. Then I could boot from the ISO, wipe the C: drive and do a clean install. No waiting necessary.

      • Duct Tape Dude
      • 4 years ago

      The problem is that people who don’t understand what any of that means are more likely to click an email that says “Run this to upgrade to Windows 10!”
