
Beware: Fake Windows Update Installs Cyborg Ransomware



Unsuspecting Windows users are at risk from a new spam email that is spreading like wildfire. The fake email claims to contain information about a critical Windows update. However, when users take the bait and click the link in the email, Cyborg ransomware is installed on their computers. We know how nasty ransomware is, and we don’t want anything to do with it.


This modus operandi was uncovered by security researchers at Trustwave SpiderLabs. They were able to get hold of the builder, which can be used to create different variations of the malware.


Another thing to note about this Windows security threat is that the file attached to the spam email is displayed with a .jpg extension, but when clicked it runs as an .exe executable file.

The Cyborg Ransomware Email Attachment

Cyborg Ransomware

The attached .jpg file is a malicious .NET downloader designed by the attacker to install malware called Cyborg ransomware on your system. After the .jpg attachment is clicked, the hidden executable downloads a file called ‘bitcoingenerator.exe’.

Properties of Cyborg Ransomware bitcoingenerator.exe file

After the Cyborg ransomware is installed on your PC, it starts encrypting all your files and adds 777 to their filenames. Once it has finished encrypting, the malware leaves a ransom note with the file name ‘Cyborg_DECRYPT.txt’. Finally, the ransomware creates a copy of itself named ‘bot.exe’ in the root directory of the infected drive.

Here’s a statement from Trustwave:

“The Cyborg Ransomware can be created and spread by anyone who gets hold of the builder. It can be spammed using other themes and be attached in different forms to evade email gateways. Attackers can craft this ransomware to use a known ransomware file extension to mislead the infected user from the identity of this ransomware.”

What Should Users Do?

Keep in mind that Microsoft never sends updates by email. It only pushes updates to users through the Windows Update feature in Settings.

The best way to stay secure is not to trust any email that presents itself as an important Windows update. Avoid opening those emails and downloading the attachments they contain. Lastly, keeping your anti-virus software updated can also help detect infected files early on and deter malware such as the Cyborg ransomware from infecting your computer.

Images by Trustwave


