Ransomware Being Spread Through Fake Windows 10 Update


Microsoft began rolling out Windows 10 as an update to customers on July 29th. Not even two months later, the first example of a Windows 10 update being used as a smokescreen to distribute malware has been spotted. Specifically, this scam convinces users they’re downloading the Windows 10 update, when in reality they’re adding CTB Locker, a nasty form of ransomware, to their hard drives. Here’s what you need to know.

The scam starts with an email, as many of these types of scams do. This one appears to be directly from Microsoft at first glance. While the email address appears to be legitimate and the subject reads ‘Windows 10 Free Update’, there are a couple of giveaways that this offer isn’t on the level. Most notably, if you’re already a Windows user, Microsoft probably isn’t going to contact you via email to distribute your upgrade. Think about how Microsoft typically offers updates to your current operating system. Rather than emailing you each time a new update or patch is available, these new files are either downloaded automatically or you’re notified directly on your desktop. If you’ve been paying attention, you’ve probably seen a notification giving you the option to upgrade to Windows 10 already.

If users fail to recognize this and follow the email’s offer, however, they’re directed to a site to download files purporting to be Windows 10. It’s unclear how official this download page looks, but this is a good reminder not to download anything by following an emailed link. If this were a legitimate offer from Microsoft, you should be able to go to their official website yourself and find a way to download the update. Instead, users in this scam are downloading ransomware and then installing it on their devices.

With CTB Locker unleashed, users see a warning pop up informing them that their files have been encrypted and demanding a ransom to unlock them. This ransom is 2 bitcoins, or about $600, and users are given 96 hours to comply. After that period, files are presumably lost forever. In most cases, these files aren’t unlocked and the malware isn’t made dormant even when a payment is submitted.

These emails have been spotted by users in the US, Russia, India, France and a number of other countries. While this is the first instance of Windows 10 being used in a malware scam, it’s not likely to be the last. The Windows 10 update is a perfect opportunity for cyber criminals to use these types of scams while users are already expecting to download files.

If any of your devices have been infected with malware and viruses, or just aren’t working the way they should, stop by and see us at Geek Rescue near 61st and Memorial, or give us a call at 918-369-4335.

September 24th, 2015