Microsoft is currently rolling out its latest operating system, Windows 10, as a free upgrade for Windows 7 and Windows 8 users. Cybercriminals are capitalising on this news by distributing dangerous ransomware via fake Windows 10 upgrade emails. The emails claim that you can upgrade to Windows 10 for free by running an attached installer.
The emails have no connection to Microsoft. They use a spoofed email address to make it appear that Microsoft sent them. They also feature a colour scheme that emulates that of genuine Microsoft messages. To further the illusion of legitimacy, the criminals have included a fake status message that falsely claims that the emails have been scanned for viruses and found to be clean.
If you open the attached .zip file and click the .exe file it contains, a ransomware variant called CTB-Locker will be installed. The malware will lock files on the infected computer so that you can no longer access them and demand via a popup message (see screenshot at bottom of the article) that you pay a fee to receive a decryption key to unlock them.
This type of malware can be difficult to remove. And, given that you are dealing with criminals, there is no guarantee that you will receive the unlock key even if you do pay the requested fee.
Keep in mind that Microsoft will never distribute an operating system or security update via an attached file in an unsolicited email. Always update Windows via Microsoft’s legitimate update system. For more information about the Windows 10 upgrade go to the information page on the Microsoft website.
Ransomware is just another reason why keeping good backups of your computer files is essential. Backups can help you recover from a ransomware attack without losing files or paying online criminals.
A screenshot of the malware email:
A screenshot of the ransomware popup: