Windows fake update to lock your files

Hackers send a Windows fake update, as many users want to update from Windows 7, to Windows 10. They are aware of this and target Microsoft users with fake Windows update emails. These emails infect computers with ransomware.

The subject of emails is “Critical Microsoft Windows Update!” or “Install Latest Microsoft Windows Update now!”. They ask the recipients to download the “latest critical update” attached.

The fake update attachment has a “.jpg” file extension, but it is an executable file. But this is a malicious .NET downloader which delivers another malware to the infected system. The hoax Microsoft update downloads another “.exe” file from GitHub, which is a software development platform. In fact, the ransomware came from a GitHub account that was closed, meanwhile.

The ransomware, called bitcoingenerator.exe, encrypts the recipient’s files. Then, it leaves a ransom note titled “Cyborg_DECRYPT.txt” on their desktop, asking for $500 in bitcoin to unlock the files. So, an imprudence may cost you a lot of money if you care about the data on your computer.

Protection is the keyword
Although hackers impersonate well-known companies very well when sending spam emails, misspelled words or poor formatting are often clues of an attack. So it happens in the recent Windows fake update emails.

“Windows users should understand that Microsoft will never send patches via email, but rather use their internal update utility embedded in every current Windows operating system. Users should always be wary of any unsolicited emails, especially those that present urgency to open attachments or click on links,” Karl Sigler, threat intelligence manager of Trustwave SpiderLabs, warned.

The best defense strategy for any user is to avoid and remove the messages coming from unknown sources. Also, it is always better to think twice before you download an attachment from untrusted/unknown people or companies.