Fake Windows update installs ransomware on PCs

midian182

TechSpot Editor
Staff member

Researchers from Trustwave’s SpiderLabs discovered the spam emails, which come with an 'Install Latest Microsoft Windows Update now!' or 'Critical Microsoft Windows Update!' subject line. Microsoft, of course, doesn’t send out Windows updates through email.

The messages contain just one sentence, and the first word begins with two capital letters, making it appear even less legitimate. Recipients are asked to click an attachment to download the ‘update.’ While the file has a .jpg extension, it’s actually an executable .NET downloader that delivers malware to the infected system.

Clicking on the file will download another executable, this one called bitcoingenerator.exe, from a (now-removed) GitHub account named misterbtc2020. Like the email attachment, this is .NET compiled malware—the Cyborg ransomware.

As with other ransomware, bitcoingenerator.exe encrypts users’ files and changes their extension to its own: 777. The ransomware also leaves a copy of itself called ‘bot.exe’ hidden at the root of the infected drive.

Victims will then find a ransom note named "Cyborg_DECRYPT.txt" on their desktop, which demands $500 to decrypt the files.

When the researchers looked for the ransomware’s original filename, they found three other samples and discovered that a builder for the ransomware exists. There was even a YouTube video containing a link to the builder hosted on GitHub, which had two repositories: one with the ransomware builder binaries, the other with a link to the Russian version of the builder.

Ransomware has become criminals’ malware of choice in recent times, especially when it comes to hitting local government systems. On Monday, Louisiana was targeted for the second time this year, though its cybersecurity team stopped the attack before any damage was done.

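A defender-side check for the disguise described in the story, an attachment with a .jpg name that is really a .NET executable. This is an added example, not code from the article or from Trustwave; the function names, result labels, file names and sample bytes are constructed for illustration.

```python
import os
import struct

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}

def clr_directory_present(data: bytes):
    """None if data is not a PE image; else True when the CLR (.NET) header directory is set."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    opt = e_lfanew + 24                      # 4-byte signature + 20-byte COFF header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or opt + 2 > len(data):
        return None
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + {0x10B: 96, 0x20B: 112}.get(magic, 0)   # PE32 / PE32+ directory offset
    if dirs == opt or dirs + 15 * 8 > len(data):
        return False
    count = struct.unpack_from("<I", data, dirs - 4)[0]  # NumberOfRvaAndSizes
    rva, size = struct.unpack_from("<II", data, dirs + 14 * 8)  # entry 14 = CLR header
    return count > 14 and rva != 0 and size != 0

def classify(filename: str, data: bytes) -> str:
    """Compare what the name claims (an image) with what the bytes are."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in IMAGE_EXTS:
        return "not-an-image-name"
    clr = clr_directory_present(data)
    if clr is None:
        return "no-pe-header"
    return "dotnet-executable-as-image" if clr else "executable-as-image"

def constructed_pe(dotnet: bool) -> bytes:
    """Constructed header-only sample (not a runnable program, not real malware)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + b"\0" * 20
    opt = bytearray(96 + 16 * 8)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                   # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", opt, 96 + 14 * 8, 0x2008, 0x48)
    return dos + coff + bytes(opt)

if __name__ == "__main__":
    # Constructed attachment names and contents.
    samples = {"update.jpg": constructed_pe(True),
               "photo.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 64}
    for name, blob in samples.items():
        print(name, "->", classify(name, blob))
```

A mail gateway or triage script would call `classify` on each attachment's name and bytes and quarantine anything that is not `no-pe-header` or `not-an-image-name`.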

 

mrtraver

TS Evangelist
How do people still get scammed over email like this in this day and age? :joy:
I would venture to say the majority of people with PCs are not actually tech-savvy. I'm pretty sure your grandparents do not read Techspot. These scams are targeted at them. They see "Microsoft" and "Windows" and "critical", and know they have Microsoft Windows on their computer, so...
 
Reactions: dms96960 and Godel

TheBigT42

TS Guru
How do people still get scammed over email like this in this day and age? :joy:
I work at a small University. You would be AMAZED how many students will just enter their private information when asked by the WORST looking phishing email.
 

Nobina

TS Evangelist
I would venture to say the majority of people with PCs are not actually tech-savvy. I'm pretty sure your grandparents do not read Techspot. These scams are targeted at them. They see "Microsoft" and "Windows" and "critical", and know they have Microsoft Windows on their computer, so...
You're absolutely right, most people are not tech-savvy, yet you don't need to be to spot the obvious scam. I'm pretty sure literacy in computers has gone up since 10-15 years ago, hence I find this funny.

Think twice when micros0ftofficial asks for your credit card number.
 

AlexsonShiro

TS Rookie
I Have Notified My Mom Privately FYI, So That She Can Avoid That. Is Malwarebytes Anti-Malware Tested As To Be Strong Enough As To Defeat The Mechanical Robotic Cyborg? If That's A Yes, Then I Would Have Cunningly Trapped Him!