The latest Windows 10 November 2019 Update has begun rolling out to users. Attackers wasted little time taking advantage of the situation, sending emails that deliver a fake, infected Windows Update file.
The researchers note that such emails usually carry the subject line “Critical Microsoft Windows Update!” or “Install Latest Microsoft Windows Update now!”.
Upon opening the email, the user finds only a single line of body text along with the fake update file. Although the attachment is an executable file, it carries .jpg as its extension.
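An added example, not taken from the article or from the researchers: a mail-filter check for the trait described above, an attachment named as an image whose content is really a Windows PE executable, together with the two quoted subject lines. The sample messages, file names and byte stubs are constructed for the demonstration.

```python
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions that claim to be images; the lure in the article used .jpg.
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}
# Subject lines quoted in the article, lower-cased for comparison.
LURE_SUBJECTS = {"critical microsoft windows update!",
                 "install latest microsoft windows update now!"}

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def scan(raw: bytes) -> list:
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    if (msg["Subject"] or "").strip().lower() in LURE_SUBJECTS:
        findings.append("subject matches known lure")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = name[name.rfind("."):] if "." in name else ""
        # Judge the attachment by its content, not by its name or MIME type.
        if ext in IMAGE_EXTS and is_pe(part.get_payload(decode=True) or b""):
            findings.append(f"PE executable disguised as image: {name}")
    return findings

def build_sample(payload: bytes, filename: str, subject: str) -> bytes:
    """Build a constructed test message (not a real sample)."""
    m = EmailMessage()
    m["Subject"] = subject
    m["From"] = "sender@example.invalid"
    m["To"] = "user@example.invalid"
    m.set_content("Constructed one-line body.")
    m.add_attachment(payload, maintype="image", subtype="jpeg", filename=filename)
    return m.as_bytes()

# Constructed inert stub: MZ header, e_lfanew = 0x40, PE signature, no code.
FAKE_PE = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
# Constructed JPEG start-of-image marker followed by padding.
REAL_JPG = b"\xff\xd8\xff\xe0" + b"\0" * 64

if __name__ == "__main__":
    print(scan(build_sample(FAKE_PE, "update.jpg", "Critical Microsoft Windows Update!")))
```

The content check is the reliable signal here; the subject match only covers the two lines the researchers reported.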
The attached executable then downloads another executable, bitcoingenerator.exe, from a now-defunct GitHub account named misterbtc2020. This second executable contains the payload for the Cyborg ransomware, which encrypts the files on the victim’s machine and leaves a ransom note on the desktop.
To unlock the system files, the Cyborg ransomware demands that the victim send $500 worth of Bitcoin to a wallet address given in the text file.
SpiderLabs researchers also found 3 samples of the Cyborg ransomware already present in VirusTotal’s database. A Cyborg Ransomware Builder also exists that anyone can use to create and spread the ransomware, the researchers warn.
All Windows users are advised not to open any such emails and to download the latest updates only via the built-in Windows Update tool.