HomeWindowsBeware: Fake Windows Update Installs Cyborg Ransomware

Beware: Fake Windows Update Installs Cyborg Ransomware

ransomware

Author

Eddie Mendoza Jr
Eddie Mendoza Jr

Updated On

Reading Time

2 min.

Quick Summary

Unsuspecting Windows users are at risk of the new spam email spreading like a wildfire. The fake email contains information about a critical Windows update. However, when users take the bait and click the link on the email, it will lead to Cyborg ransomware being installed on their computers. We know how nasty a ransomware is and we don’t want anything to do with it.

Fake-Windows-Update-Installs-Cyborg-Ransomware-Trustwave

This suspicious modus operandi was uncovered by security researchers at Trustwave SpiderLabs. They were able to get hold of the builder, which can be used to create different variations of a malware.

DON’T MISS: Check out Malwarebytes, the cybersecurity software that crushes what others don’t

Another thing to note about this Windows security threat is that the attached file in the spam email is shown as a .jpg file format, however when clicked it opens as an .exe executable file.

The-Cyborg-Ransomware-Email-Attachment
The Cyborg Ransomware Email Attachment

Cyborg Ransomware

The attached .jpg file is a malicious .NET download which is designed by the hacker to inject a malware called Cyborg ransomware into your system. The hidden executable file will download a file called ‘bitcoingenerator.exe’ after the .jpg attachment is clicked.

Cyborg-ransomware-bitcoingenerator-exe
Properties of Cyborg Ransomware bitcoingenerator.exe file

After the Cyborg ransomware is installed on your PC, it will then start encrypting all your files and add 777 to their filenames. Once done encrypting, the malware will leave a ransom note with the file name ‘Cyborg_DECRYPT.txt’. Finally, the ransomware creates a duplicate of itself named ‘bot.exe’ at the root directory of the infected drive.

Here’s a statement from Trustwave:

“The Cyborg Ransomware can be created and spread by anyone who gets hold of the builder. It can be spammed using other themes and be attached in different forms to evade email gateways. Attackers can craft this ransomware to use a known ransomware file extension to mislead the infected user from the identity of this ransomware,”

What Users Should Do?

Something to keep in mind, Microsoft never sends updates using emails. It only pushes updates to users through the Windows updates feature in the settings.

The best way to stay secured is not to trust any email that proposes itself with an important Windows update. Avoid opening those emails and downloading the attachments they contain. Lastly, updating your anti-virus software can also help detect infected files early on and deter malwares such as the Cyborg ransomware from infecting your computer.

Images by Trustwave

READ MORE ON:
Windows

Windows Dispatch is a website supported by its readers & community. Some pages may contain affiliate links which may allow us to earn a little money when you buy through them.

Affiliate Disclosure
Eddie Mendoza Jr
Eddie Mendoza Jr
Eddie has a degree in Information Technology with a natural inclination towards troubleshooting devices. With more than 10 years of blogging experience in different niches, he has found it most satisfying when writing easy-to-follow guides and simplified articles related to computers, smart TVs, mobile devices and Internet-based services.

Further Readings

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Recent Articles

Trending

© Copyright 2024 - windowsdispatch.com