NEWS
Cybercriminals are taking advantage of the Windows 10 rollout to try to trick unsuspecting netizens into downloading a particularly nasty variant of ransomware, according to reports.
First reports of the malware came from Cisco Systems Ltd.’s security team, which noticed that a gang of cybercriminals was stepping up its efforts to spread the CTB-Locker ransomware using fake emails that claim to be sent from Microsoft. The emails tell people their Windows 10 download is ready to install, but that’s far from the case.
The emails are fairly realistic, as they mimic the kinds of messages Microsoft has been sending out about its new operating system. The sender’s email address reads as update@microsoft.com, making the messages look even more convincing, though Cisco actually traced the IP back to Thailand. The messages also contain the usual Microsoft disclaimer, as well as a message that the email has been scanned and cleared by Mailscanner.
Included in the email is a small attachment that is claimed to be a “Windows 10 installer”, but the file actually contains the CTB-Locker ransomware. Once installed, the malware immediately sets about locking down people’s files, encrypting them so they can no longer be accessed by their owners. The only way to regain access is to pay a “fine” in Bitcoins over the Tor network within 96 hours, The Register reports.
Those looking for another option are likely to be disappointed. The Register quotes Cisco’s Craig Williams as saying “this one is going to be an absolute b*****d to deal with”, noting that CTB-Locker’s elliptic curve encryption algorithm is exceptionally difficult to crack.
Cisco warned that CTB-Locker also sends a large amount of data back to its command and control servers via a hard-coded IP address, which signals that the hackers are looking for additional secrets (like credit card details, user logins, etc.) they can use for nefarious purposes.
The good news is that Cisco and other antivirus makers are already developing antivirus signatures to block these emails, but even then caution is always advised when opening any email.
And if you do happen to receive an email purporting to tell you that your Windows 10 download is ready, be alert! Microsoft doesn’t actually email a Windows 10 installer to anyone; instead, it’s all done directly through your current operating system’s update mechanism. Any email saying otherwise is almost certainly a fake.
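The two checks this advice implies can be sketched as a mail triage routine; this is an added example, not code from the article or from Cisco. It flags mail whose visible sender claims microsoft.com without a DMARC pass recorded by the receiving server, and flags archive or executable attachments. The sample message, hostnames, attachment name, extension list and the `triage` function are all constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample modelled on the article's description; not a real capture.
# Subject, hostnames and attachment name are made up for illustration.
SAMPLE = """\
Authentication-Results: mx.example.org; spf=fail; dkim=none; dmarc=fail header.from=microsoft.com
From: Microsoft <update@microsoft.com>
To: user@example.org
Subject: Your Windows 10 download is ready
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your Windows 10 download is ready to install.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="Win10Installer.zip"
Content-Transfer-Encoding: base64

cGxhY2Vob2xkZXI=
--b1--
"""

RISKY_EXT = (".zip", ".exe", ".scr", ".js", ".msi")  # assumed blocklist

def triage(raw: str) -> list[str]:
    """Return findings for a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    # The visible From domain is attacker-controlled; only a DMARC pass
    # recorded by our own receiving server vouches for it.
    domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    auth = str(msg.get("Authentication-Results", "")).lower()
    if domain == "microsoft.com" or domain.endswith(".microsoft.com"):
        if "dmarc=pass" not in auth:
            findings.append("unauthenticated-microsoft-sender")
    # Microsoft does not email installers, so any archive/executable is suspect.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"risky-attachment:{name}")
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Only an `Authentication-Results` header stamped by your own mail gateway should be trusted; copies arriving from outside should be stripped at the border.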