Beware emails bearing 'Windows 10' – You could get ransomware instead
Beware emails bearing a free Windows 10 upgrade. They hide malware, rather than the latest operating system from Microsoft, according to the latest warning from Cisco's Talos Group.
As our sister publication FierceCIO reported, the use of Windows 10 has taken off since Microsoft unveiled it last week. In fact, Windows 10 usage in the first three days was substantially higher than that of Windows 8.1 for the same time period.
Windows users are itching to get their hands on the new OS, which is what the attackers are counting on. The group identified by Talos is posing as Microsoft and promising to deliver the Windows 10 upgrade by email in a zip file.
Unfortunately, once the victim opens the zip file to install "Windows 10," what runs instead is the CTB-Locker ransomware. The files on the computer are then encrypted, and the victim is directed to pay the ransom in Bitcoin within 96 hours to get the decryption key or lose the files forever.
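The lure described above is a zip attachment that carries an executable rather than an installer. The following is an added example, not code from the article or from Cisco Talos, of the kind of mail-gateway check a defender can run against such messages: it parses a raw e-mail, looks for zip attachments, and flags any whose members have executable extensions. The sample message, sender addresses, subject keywords and extension list are all constructed for this demonstration.

```python
"""Flag e-mails that carry a zip attachment containing an executable.

Added example (not from the article or from Cisco Talos). The sample
message built below is constructed for this demonstration only.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions that should never arrive inside an "upgrade" zip (constructed list).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".bat", ".cmd", ".js", ".vbs", ".pif", ".com"}

# Subject keywords matching the lure theme (assumed for this example).
LURE_KEYWORDS = ("windows 10", "upgrade")


def executables_in_zip(data: bytes) -> list[str]:
    """Return the names of executable-looking members inside a zip blob."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return []
    hits = []
    for name in names:
        lower = name.lower()
        # endswith() also catches double extensions such as "Setup.pdf.exe".
        if any(lower.endswith(ext) for ext in EXECUTABLE_EXTENSIONS):
            hits.append(name)
    return hits


def analyse_message(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and report suspicious zip attachments."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = (msg["subject"] or "").lower()
    lure_subject = all(k in subject for k in LURE_KEYWORDS)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Check the bytes, not just the declared name: "PK\x03\x04" is a zip header.
        if filename.lower().endswith(".zip") or payload.startswith(b"PK\x03\x04"):
            execs = executables_in_zip(payload)
            if execs:
                findings.append({"attachment": filename, "executables": execs})
    return {
        "lure_subject": lure_subject,
        "findings": findings,
        "block": bool(findings),
    }


def build_sample_message() -> bytes:
    """Construct a sample lure e-mail whose zip holds a fake .exe (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # The member is inert text; only its name imitates an installer.
        zf.writestr("Win10Installer.exe", "not a real program")
    msg = EmailMessage()
    msg["From"] = "update@example.invalid"   # constructed address
    msg["To"] = "user@example.invalid"       # constructed address
    msg["Subject"] = "Windows 10 Free Upgrade"
    msg.set_content("Your Windows 10 upgrade is attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Win10Upgrade.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(analyse_message(build_sample_message()))
```

The check deliberately inspects the zip header bytes rather than trusting the attachment's declared name or MIME type, and it keys the block decision on the archive's contents, not on the subject line: the subject match is reported only as context, since a real upgrade is never delivered as an executable inside an e-mailed zip.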
Ransomware is not a new problem, but its use has ramped up recently.
"Talos is detecting the ransomware being delivered to users at a high rate. Whether it is via spam messages or exploit kits, adversaries are dropping a huge amount of different variants of ransomware," Cisco's Nick Biasini wrote in the Talos post. "The functionality is standard, however, using asymmetric encryption that allows the adversaries to encrypt the user's files without having the decryption key reside on the infected system. Also, by utilizing Tor and Bitcoin they are able to remain anonymous and quickly profit from their malware campaigns with minimal risk."
Windows users are advised not to open emails claiming to offer a free upgrade to Windows 10, to back up files regularly, and to store the backups offline.
"Adversaries are always looking to leverage current events to get users to install their malicious payloads. This is another example, which highlights the fact that technology upgrades can also be used for malicious purposes," Biasini concluded.
- read Biasini's blog post