With Microsoft’s launch of the Windows 10 operating system, cybercriminals have taken the opportunity of targeting end users with an email offering a free upgrade.
Windows 10 is available as a free upgrade in 190 countries, with millions of machines having already taken advantage of the upgrade (for information on whether you should upgrade, we wrote this article on the subject).
The huge awareness of the Windows 10 upgrade, in large part a result of the notifications Microsoft deployed to Windows 7 and 8 users, has led to cybercriminals trying to trick users into installing ransomware.
The spam campaign is delivered by fake emails titled “Windows 10 Free Upgrade”, these seem to come from a genuine Microsoft email account “email@example.com”. However, although these may seem legitimate they are in fact spoofed email and to be handled with caution.
Attached to the email is a file called Win10Installer.zip. However, instead of being a Windows 10 installer, it is a variant of the CTB-Locker ransomware.
Those unfortunate enough to unzip and install the file will find their files encrypted with 96 hours given to pay a ransom (usually paid in Bitcoin) if they want to recover them.
A Cisco blog post stated: “Currently, Talos is detecting the ransomware being delivered to users at a high rate. Whether it is via spam messages or exploit kits, adversaries are dropping a huge amount of different variants of ransomware. The functionality is standard however, using asymmetric encryption that allows the adversaries to encrypt the user’s files without having the decryption key reside on the infected system. Also, by utilising Tor and Bitcoin they are able to remain anonymous and quickly profit from their malware campaigns with minimal risk.”
As always users are encouraged to be cautious when opening any email attachments, particularly when they were unexpected and from an unknown sender.