Beware: Fake Windows Update emails plant ransomware on PCs


by Matthew Adams


Trustwave researchers have uncovered a Windows Update ransomware scam. The Trustwave team has updated its blog to warn users about a fake Windows Update email. The fraudulent email urges users to install a fake update by clicking an attached file that plants ransomware.

Ransomware is a type of malware that holds users to ransom by locking some of their files. The authors then demand a ransom to restore access to the files. The ransom is often demanded in a cryptocurrency, such as bitcoin.

Here’s how this ransomware attack works

The ransomware campaign that Trustwave’s SpiderLabs has alerted users to sends spam emails posing as Windows Update notices. The email states: “Please install the latest critical update from Microsoft attached to this email.” The email is obviously suspicious, as Microsoft never sends emails about critical system updates.

The email includes an attached file with a JPG extension, but it’s actually malware. The file has a randomized name and is about 28 KB in size. When users open it, it executes some payloads from GitHub. The end result is encrypted user files with modified names that include a 777 extension.
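As an added example (not from Trustwave or the original article), the following Python check shows how a mail filter can catch an attachment like the one described above by comparing the file's leading bytes with what its image extension promises. The function names and the sample message are constructed for illustration, and treating the disguised file as a Windows executable is an assumption; the article says only that it is malware.

```python
import os
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

# Leading bytes ("magic numbers") that a genuine file of each type starts with.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


def mismatched_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for attachments named as images that are not images."""
    msg = message_from_bytes(raw_message, policy=default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name)[1].lower()
        if ext not in IMAGE_MAGIC:
            continue  # this check only covers files that claim to be images
        data = part.get_payload(decode=True) or b""
        if any(data.startswith(magic) for magic in IMAGE_MAGIC[ext]):
            continue  # content matches the extension
        # Assumption: "MZ" marks a Windows executable; anything else is reported as unknown.
        kind = "Windows executable (MZ header)" if data[:2] == b"MZ" else "unknown content"
        findings.append((name, f"{ext} extension but {kind}"))
    return findings


def build_sample(filename: str, payload: bytes) -> bytes:
    """Build a constructed test message; the payload is harmless filler bytes."""
    msg = EmailMessage()
    msg["Subject"] = "Windows Update (constructed sample)"
    msg.set_content("Please install the latest critical update from Microsoft "
                    "attached to this email.")
    msg.add_attachment(payload, maintype="image", subtype="jpeg", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    fake = build_sample("a1b2c3d4.jpg", b"MZ" + bytes(62))            # constructed
    real = build_sample("photo.jpg", b"\xff\xd8\xff\xe0" + bytes(16))  # constructed
    print(mismatched_attachments(fake))
    print(mismatched_attachments(real))
```
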

Thereafter, users will spot a new text document on their desktops. The document includes ransom demands for unlocking the affected files. It requests that users send $500 bitcoin to the authors. The ransomware note states:

Don’t worry, you can return all your files! All your files like documents, photos, databases and other important are encrypted… You can send one of your encrypted file and we decrypt it for free. You must follow these steps to decrypt your files: send $500 bitcoin to wallet [wallet number].

The Trustwave team uncovered a GitHub account that included a ransomware repository. There they found a file named bitcoingenerator.exe that encrypts the files. Trustwave also found a YouTube video page that includes a link to the ransomware author on GitHub.

So, be wary of any Windows Update emails with attachments. Delete such update alert emails ASAP. Thereafter, users can check for genuine Windows 10 updates by clicking Check for Windows updates on the Update Windows 10 page.
