Hi guys, Mima here!
Today I'm going to chat about the Win 10 Update Email Scam (Cyborg Ransomware) and why this particular scam is laughed at by IT Professionals.
I will start off by saying that hackers are dangerous and malicious attacks can and have affected companies in a negative way.
That said, this particular case has some humor built into it.
The latest malicious email going around looks like a Windows Update,, but contains ransomware.
If you are not aware, ransomware is a type of malware that locks your data until a large ransom is paid.
The email subject line says “Install Latest Microsoft Update now!” or “Critical Microsoft Windows Update!”
Sounds legit.... No! Don't open it!
This scam was discover by security researchers at Trustwave's SpiderLabs and they have identified this malware disguised as a Win 10 Update as "Cyborg" ransomware.
How does Cyborg ransomware works? When a user clicks and installs it, the malicious program will lock your files until a ransom in the form of bitcoins is paid.
A bitcoin is a type of digital currency. People make transactions on the peer to peer bitcoin network without the need for a bank.
Windows Updates are meant to keep your system safe from hackers and security bugs. Microsoft releases patches and updates very frequently, so hackers are now taking advantage of users that are not fully informed of malicious attacks. Some users see the win update email and assume it is from Microsoft and that they need to update now.
But remember, Microsoft does not announce win update via email.
Now, the funny part about this particular scam is that the users have to perform a tedious task in order for the hackers to win.
This fake win update email scam is laughed at because the attachment is not in the form of an installer - it is a jpg.
That is smart in terms of hiding its true intentions, but not when you need the software to be installed on the device.
So in order for this particular email scam to work, users will have to download the jpg, change the file type to an exe installer and then install it.
Users either don't know how to do that or don't have the time!
But again, malicious attacks are dangerous and it is important to avoid them at all cost.
3 main Tips to identify malicious emails
1, Take note of the senders email address. If it looks suspicious, don't open it
2. Avoid opening unfamiliar attachments or links. If the link has a URL with a series of chaotic letters and numbers, don't trust it.
3. Most important tip - If it asks for personal info, its fake. Never give out SSN, bank info, etc
That is it for now! Stay in touch for more tech fun!