Cybercriminals Exploit Launch of ‘Windows 10’ to Spread Ransomware - Cisco

Cisco, a security firm, spotted the campaign and said that cyber crooks are exploiting the recent launch of Windows 10 OS of Microsoft to trick Internauts into installing a strand of ransomware on their systems.

The spam campaign drafted to spread a piece of ransomware promises its recipients Windows 10 upgrade free of cost.

The fake emails entitled "Windows 10 Free Update" and they seem to come from update@microsoft.com. The warnings might look legitimate to some regular Internauts because these also contain a genuine-looking disclaimer and a message informing that the note has been scanned for dangerous content and viruses.

However, a close glance shows that the sender in reality tricked the beginning email address and the content of emails comprises many characters which have not been described properly.

The attachment to the fake notifications, Win10Installer.zip, is not a Windows 10 installer but an alternative of the infamous CTB-Locker ransomware.

Once it is unzipped and executed, the CTB-Locker ransomware first encrypts all files on the computer of the victim and then demands ransom money (Cisco does not disclose how much) within 4 days failing which it destroys the files decryption keys.

Whoever masterminded this strand of ransomware (Cisco found the IP address of the computer which sends emails to Thailand although that does not specify the origin) know his or her stuff because the crook has demanded payment particularly in Bitcoin and provides directives to go through the privacy-oriented Tor browser. Cisco says that theoretically this would make the criminals untraceable.

Theregister.co.uk published news on 3rd August, 2015 quoting Craig Williams, Security Outreach Manager of Talos team of Cisco, as saying "If you pay the attacker in Bitcoin then it is a very smooth funding stream; the money goes directly to paying the (malware) development team. This is the reason, due to which we are seeing such a fast development cycle in ransomware."

Therefore, if you receive an email claiming to tell you that your Windows 10 download is ready, then you should be careful. Microsoft does not normally email a Windows 10 installer to anyone but instead it is all done directly through update mechanism of your current operating system. Experts conclude that any email saying otherwise is almost surely a fake.

» SPAMfighter News - 8/18/2015