Hackers use fake Windows update to install ransomware

I’ve always thought cyborgs one of the coolest ideas in science fiction. Leave it to hackers to ruin a perfectly good sci-fi trope with some ransomware. There’s a fresh Windows 10 update ready for you, but if you decide to install it, make sure it’s not this one. Researchers from Trustwave report that spammers are using emails about a fake Windows update to get unsuspecting users to install ransomware called Cyborg.

The email claims to be from Microsoft and asks the user to install “the latest critical update from Microsoft. The email includes a JPG file as an attachment, but the JPG is an executable .NET downloader. Once the files download, the ransomware will encrypt the user’s files and append an extension onto the filename, like “notepad.exe.777,” according to Trustwave.

A text file left on the infected computer’s desktop promises to decrypt one file for free as a good-faith promise, with a $500 bitcoin wallet request to decrypt the rest.

You’re probably safe

All told, this is the kind of attack that’s only going to get the most unaware users. In the example provided by Trustwave, the hacker didn’t even bother to fix in the first word of the one-line email. And of course, the vast majority of users are updating their computers through Windows Update’s automatic (and sometimes intrusive) updates.

Even so, the less confident, less experienced users out there might see a line about an urgent windows update and end up with ransomware on their systems. Keep an eye on your parents’ computers; make sure they’re not clicking on any suspicious jpeg attachments.

1 Comment threads
0 Thread replies
Most reacted comment
Hottest comment thread
1 Comment authors
Al Bundy Recent comment authors
newest oldest most voted
Notify of
Al Bundy
Al Bundy

wait…there’s an actual option to update? i thought it was automatically forced down our throats?

Pin It on Pinterest

Share This