Windows 10 Fake Update Installs Ransomware


Another day, another cyberattack making the news and potentially infecting our monitored workstations.

With the newest legitimate Windows 10 updates hitting desktops and laptops, attackers are looking to capitalize by prompting consumers to download infected “updates.” This new ransomware threat was discovered by top researchers at SpiderLabs, who determined that the fake update is delivered as an email attachment.

What To Look Out For

The cyber-criminals are currently trying to con users into downloading the Windows 10 fake update ransomware under the guise of a crucial system upgrade from Microsoft. It has been determined that the most common email subject lines for this attack are as follows:

“Critical Microsoft Windows Update!”

“Install Latest Microsoft Windows Update now!”

Receiving an email about a Windows update should, in general, be red flag number 1. In case you are not familiar with the process, Microsoft pushes operating system updates through the Windows Update app preinstalled on the computer. You’ll see a pop-up on your own machine when a new update is waiting for you, but you’ll never be notified about system software updates over email.

How The Attack Works

The email itself simply has one line of text:

“Please install the latest critical update from Microsoft attached to the email.”

While it might seem obvious to some that this is a hack, it’s easy to not look too closely at an update email and simply follow the instructions that have been given.

Another important thing to note is that the attachment file is in the familiar “.JPG” format. The file is simply disguised as a recognizable format and is not actually an image. Instead, the file attached to the email is a malicious “.NET” download made to deliver the infection on your system.

What Happens Once Infected

Once the ransomware activates itself on your workstation, it will encrypt and lock all the documents on your PC using a brand new file extension. This will prevent you from accessing any of the data on your computer and potentially server-wide. The malicious software then leaves a single text document, “Cyborg_DECRYPT.txt,” on the desktop.

What do the cyber-criminals want in exchange for releasing your data? Money, of course.

The text document on your computer will instruct you to pay to unlock your documents. Once they’ve received payment, the online criminals promise to unlock the documents in your own computer so you can once again access all of the files you have stored on your PC. However, that does not always mean the nightmare is over.

Cyborg malware is particularly gruesome since it installs a copy of itself in the root of the infected drive. This means it could be triggered again and reappear on your computer. This could start a vicious cycle of having to pay the cyber-criminals over and over again to keep access to your data.

Even if you pay the amount of money they demand of you, there’s no guarantee you’ll get access to your documents. Plus, paying only encourages more ransomware strikes.

What To Do If You Receive The Email

If you or one of your colleagues receive this Windows 10 fake update malicious email, it is imperative that you delete the email right away. Make sure that you go into your trash and permanently delete the email as well. Once you have taken that step, we recommend that you alert your manager that you received the email as well as let them know the steps you took.

This step is important because you or your manager will want to alert everyone in the office to look out for this fake email and provide the proper steps of action if they receive it as well. Taking proactive steps is the best way to prevent this issue from taking hold of your network.

What To Do If You Downloaded The Attachment

If you have already downloaded the Windows 10 fake update attachment, the first step is to alert your IT department or the team member in charge of IT. Oftentimes, ransomware is outside the scope of an internal IT team member. It is always a good idea to seek the help or consultation of an IT Services Company. They can help you with remediation as well as offer prevention methods unique to your business.

Be Proactive, Not Reactive

Like most things in life, and technology, the best way to deal with cyber-criminals is by putting proactive measures in place that prevent them from doing the damage in the first place. If you’re concerned about the security of your network, there are a few things you can do to prevent these sorts of disasters from impacting your business.

The first step in ransomware protection is spam filtering. Deploy a robust spam filter that will prevent such emails from hitting the inboxes on your network. If you don’t receive the emails, it’s hard to click on a malicious link.
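As an added example (not code from SpiderLabs or from any particular spam filter), the Python sketch below shows the kind of check a mail filter can apply to this campaign: it flags the two subject lines quoted under “What To Look Out For” and any attachment that is named like a JPG but, as described under “How The Attack Works,” does not contain image data. The function names, the sample addresses, and the attachment filename `update.jpg` are assumptions made for the illustration, and the sample messages are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject lines quoted on this page, lowercased for comparison.
LURE_SUBJECTS = {
    "critical microsoft windows update!",
    "install latest microsoft windows update now!",
}
IMAGE_EXTS = (".jpg", ".jpeg")
JPEG_MAGIC = b"\xff\xd8\xff"  # every JPEG file starts with these bytes
PE_MAGIC = b"MZ"              # header of Windows executables, .NET included

def inspect_message(raw: bytes) -> list[str]:
    """Return the reasons to quarantine a message (empty list = none found)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    subject = str(msg["Subject"] or "").strip().lower()
    if subject in LURE_SUBJECTS:
        findings.append("subject matches fake-update lure")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # Trust the file content, not the extension the sender chose.
        if name.endswith(IMAGE_EXTS) and not data.startswith(JPEG_MAGIC):
            kind = "executable" if data.startswith(PE_MAGIC) else "non-image"
            findings.append(f"{name}: .jpg name but {kind} content")
    return findings

def build_sample(subject: str, filename: str, content: bytes) -> bytes:
    """Build a constructed test message; no real malware sample is involved."""
    m = EmailMessage()
    m["From"] = "sender@example.com"   # placeholder address
    m["To"] = "user@example.com"       # placeholder address
    m["Subject"] = subject
    m.set_content("Please install the latest critical update "
                  "from Microsoft attached to the email.")
    m.add_attachment(content, maintype="image", subtype="jpeg",
                     filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    fake = build_sample("Install Latest Microsoft Windows Update now!",
                        "update.jpg", PE_MAGIC + b"\x90\x00" * 16)
    real = build_sample("Holiday photo", "beach.jpg",
                        JPEG_MAGIC + b"\xe0" + b"\x00" * 16)
    print(inspect_message(fake))  # two findings
    print(inspect_message(real))  # no findings
```

The content check matters more than the subject check: subject lines are trivial for a sender to change, while an executable still has to start with an executable header to run.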

Another proactive step you can take is to partner with a Managed IT Services company that can provide you with Patch Management as a service. Patch Management is the process of keeping your network systems and security updated. Outdated systems are more susceptible to attacks, making it critical to keep all of your systems up to date and working at peak performance.

Windows 10 Fake Update Next Steps

If you have any questions regarding this fake Windows 10 update or need assistance with your IT, please contact our team here at Charlotte IT Solutions. We’ve been serving Charlotte for over 20 years and would love to help propel you closer to your business goals.