UPDATED 06:13 EST / AUGUST 03 2015

Beware: Stealth ransomware posing as Windows 10 installer

Cybercriminals are taking advantage of the Windows 10 rollout to try and trick unsuspecting netizens into downloading a particularly nasty variant of ransomware, according to reports.

First reports of the malware came from Cisco Systems Ltd.’s security team, which noticed that a gang of cybercriminals was stepping up its efforts to spread the CTB-Locker ransomware using fake emails that claim to be sent from Microsoft. The emails tell people their Windows 10 download is ready to install, but that’s actually far from the case.

The emails are fairly realistic, as they mimic the kinds of messages Microsoft has been sending out about its new operating system. The sender’s email address reads as update@microsoft.com, making the messages look even more convincing, though Cisco actually traced the IP back to Thailand. The messages also contain the usual Microsoft disclaimer, as well as a message that the email has been scanned and cleared by Mailscanner.

Included in the email is a small attachment that is claimed to be a “Windows 10 installer”, but the file actually contains the CTB-Locker ransomware. Once installed, the malware immediately sets about locking down people’s files, encrypting them so they can no longer be accessed by their owners. The only way to regain access is to pay a “fine” in Bitcoins over the Tor network within 96 hours, The Register reports.

Those looking for another option are likely to be disappointed. The Register quotes Cisco’s Craig Williams as saying “this one is going to be an absolute b*****d to deal with”, noting that CTB-Locker’s elliptic curve encryption algorithm is exceptionally difficult to crack.

Cisco warned that CTB-Locker also sends a large amount of data back to its command and control servers via a hard-coded IP address, which signals that the hackers are looking for additional secrets (like credit card details, user logins, etc.) they can use for nefarious purposes.

The good news is that Cisco and other antivirus makers are already developing antivirus signatures to block these emails, but even then caution is always advised when opening any email.

And if you do happen to receive an email purporting to tell you that your Windows 10 download is ready, be alert! Microsoft doesn’t actually email a Windows 10 installer to anyone; instead, it’s all done directly through your current operating system’s update mechanism. Any email saying otherwise is almost certainly a fake.
