I’ve always thought cyborgs one of the coolest ideas in science fiction. Leave it to hackers to ruin a perfectly good sci-fi trope with some ransomware. There’s a fresh Windows 10 update ready for you, but if you decide to install it, make sure it’s not this one. Researchers from Trustwave report that spammers are using emails about a fake Windows update to get unsuspecting users to install ransomware called Cyborg.
The email claims to be from Microsoft and asks the user to install “the latest critical update from Microsoft. The email includes a JPG file as an attachment, but the JPG is an executable .NET downloader. Once the files download, the ransomware will encrypt the user’s files and append an extension onto the filename, like “notepad.exe.777,” according to Trustwave.
A text file left on the infected computer’s desktop promises to decrypt one file for free as a good-faith promise, with a $500 bitcoin wallet request to decrypt the rest.
You’re probably safe
All told, this is the kind of attack that’s only going to get the most unaware users. In the example provided by Trustwave, the hacker didn’t even bother to fix in the first word of the one-line email. And of course, the vast majority of users are updating their computers through Windows Update’s automatic (and sometimes intrusive) updates.
Even so, the less confident, less experienced users out there might see a line about an urgent windows update and end up with ransomware on their systems. Keep an eye on your parents’ computers; make sure they’re not clicking on any suspicious jpeg attachments.