With almost everyone looking forward to upgrading to Windows 10, cybercriminals are taking advantage of the hype. They are using their nasty old tricks to distribute ransomware disguised as Windows 10 upgrades through emails.
According to Bitdefender Antispam Labs, cybercriminals have started distributing CTB Locker through emails disguised as Windows 10 installation packs. The ransomware encrypts files and demands 2 Bitcoins (~$600), to be paid within 96 hours, in order to return the files.
Microsoft released this highly anticipated update of Windows on July 29, gradually updating the systems of users around the world. Cybercriminals exploited the staggered rollout. Users receive emails that purport to come from Microsoft and offer to upgrade their OS to the long-awaited version right now.
People are tricked into believing that the message is legitimate because it appears to have been sent from an official-looking email address and its subject is "Windows 10 Free Update".
If users fall for this trick, they download the fake update and finish the dirty job themselves by installing the ransomware on their computers. Then the real fun begins, as users start seeing a warning on their screen demanding a ransom payment in order to retrieve the files.
Users must pay $600 for a private key in order to decrypt their files. When the ransom is paid, the decryption process is initiated and a payment verification screen is displayed.
The predecessor of CTB Locker is the notorious file encryptor Cryptolocker. Even though it has been taken down, it seems to have made its return with this updated version. This also means that fake Windows 10 updates can hide other versions of ransomware, such as Cryptolocker, Cryptowall and Cryptowall 3.0, which are as dangerous as CTB Locker. This type of malware is continuously changing, becoming more dangerous, more elaborate and more complex and, consequently, harder to eliminate.
According to Bogdan Botezatu, Senior E-Threat Analyst at Bitdefender, the release of the Windows 10 upgrade has presented cybercriminals with a wonderful opportunity. Since people are excited about upgrading their current version of Windows, a considerable number of them can fall victim to this malicious practice.
Bitdefender Labs has discovered that these infected emails were sent over a period of 3 days, from spam servers in the USA, Russia, Ukraine, India, Thailand, Kazakhstan, France and Taiwan.
People are reminded to download and install software only from official websites and never to open attachments in unsolicited emails, as they may contain very dangerous viruses.