CNET News - Tuesday, November 19, 2019 at 11:00 AM
Windows users, beware: This fake update could lock up your PC, or worse - CNET
Graphic by Pixabay/Illustration by CNET
With the end of support for Windows 7 coming in January, many users are looking
to update to Windows 10 to continue getting security updates and support from
Microsoft. According to a Tuesday report from security firm Trustwave,
attackers are well aware of this and are targeting Microsoft users with fake
Windows update emails that will infect computers with ransomware -- an
especially sinister type of malware that locks up valuable data on your
computer, and demands that you pay a ransom to release it or your data will be
destroyed.
Read also: Upgrade to Windows 10 free, here's how
The spammers are sending some Windows users emails with subject lines "Install
Latest Microsoft Windows Update now!" or "Critical Microsoft Windows Update!"
The emails, which claim to be from Microsoft, include one sentence in the
message body, which starts with two capital letters, Trustwave found. They ask
recipients to click an attachment to download the "latest critical update."
Trustwave
The attachment has a .jpg file extension, but is actually a malicious .NET
downloader, which will deliver malware to your machine. The ransomware, called
bitcoingenerator.exe, encrypts the recipient's files, and leaves a ransom note
titled "Cyborg_DECRYPT.txt" on their desktop, asking for $500 in bitcoin to
unlock the files.
Trustwave
The ransomware came from a Github account, which was active during Trustwave's
investigation but has since been removed, the firm noted. Still, this form of
ransomware can be created and spread by anyone who gets hold of the builder,
attaching it to different types of emails to get through spam filters.
Most ransomware attacks come in through email, so users should be wary of
opening any email attachment or link from an unknown sender, even if it seems
to be from a reputable company (hackers impersonate Microsoft more than any
other brand when sending spam emails, a May report from Vade Secure found).
Misspelled words or poor formatting are often clues of an attack.
"This is a very common type of phishing attack -- where the attacker tries to
convince the target to open a malicious attachment," Karl Sigler, threat
intelligence manager of Trustwave SpiderLabs, said in an email. "Windows users
should understand that Microsoft will never send patches via email, but rather
use their internal update utility embedded in every current Windows operating
system. Users should always be wary of any unsolicited emails, especially those
that present urgency to open attachments or click on links."
For more, check out 4 ways to avoid the next Petya or WannaCry attack.
Now playing: Watch this: Ransomware: How to defend yourself against it
1:36
https://www.cnet.com/news/windows-users-beware-this-fake-update-could-lock-up-your-pc-or-worse/#ftag=CAD590a51e
David Goldfield
Assistive Technology Specialist
Feel free to visit my Web site
WWW.DavidGoldfield.info
