Beware of Windows 10 scam
With 14 million users and counting, those who haven’t gotten their Windows 10 update are understandably jumpy about missing out on Microsoft’s latest edition of its popular operating system. However, do be careful, as scam emails are circulating. The email appears to come from an official Microsoft address, [email protected], adding to its apparent authenticity, but don’t be fooled — Microsoft isn’t going to send you an email with Windows 10 as the attachment.
The email is pretty obviously fake, as certain characters don’t parse properly. A company like Microsoft would make sure its email displays perfectly on any device. If you were to ignore all of these signs, download the attached .zip file, extract the software and run the executable anyway, you would immediately find your computer locked by a ransomware variant called CTB-Locker. Here’s what it looks like:
The payload is CTB-Locker, a ransomware variant. Currently, Talos (Cisco) is detecting the ransomware being delivered to users at a high rate. Whether via spam messages or exploit kits, adversaries are dropping a huge number of different ransomware variants. The functionality is standard, however: it uses asymmetric encryption, which allows the adversaries to encrypt the user’s files without the decryption key residing on the infected system. Also, by utilizing Tor and Bitcoin, they are able to remain anonymous and quickly profit from their malware campaigns with minimal risk.
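A mail-filter check for the delivery pattern described above (a .zip attachment that unpacks to an executable), as an added example that is not from the original article or from Talos. The extension list, the sample message and its addresses are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed, non-exhaustive list of extensions Windows runs on double-click.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")


def executables_in_zip_attachments(raw_message: bytes) -> list:
    """Return 'attachment!member' for each executable inside a zip attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        # Trust the content as well as the name: check the zip signature too.
        if not (name.lower().endswith(".zip") or data.startswith(b"PK\x03\x04")):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                members = archive.namelist()
        except zipfile.BadZipFile:
            # An archive the filter cannot inspect is flagged, not passed.
            hits.append(f"{name}!<unreadable archive>")
            continue
        hits += [f"{name}!{m}" for m in members
                 if m.lower().endswith(EXECUTABLE_EXTS)]
    return hits


def build_sample(member_name: str) -> bytes:
    """Constructed sample: a message whose zip holds one harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, "placeholder bytes, not a real program")
    msg = EmailMessage()
    msg["From"] = "Upgrade Team <sender@example.com>"  # constructed address
    msg["To"] = "user@example.org"
    msg["Subject"] = "Your free upgrade"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Upgrade.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(executables_in_zip_attachments(build_sample("Setup.exe")))
    print(executables_in_zip_attachments(build_sample("readme.txt")))
```

A non-empty result is a reason to quarantine the message regardless of how official the sender address looks.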
Pokdepinion: Windows 10 is a welcome improvement over Windows 8.1, but nothing to risk getting scammed over. If you can’t wait for Windows Update to download the update for you, you can use the media creation tool to download the ISO or just the update. Have fun with Windows 10!