Ransomware targets Windows 10 Update
Trustwave SpiderLabs security researchers have uncovered a malware campaign that is likely to claim many victims, because the lure poses as a message from a trusted name, Microsoft. According to the research report, the fake Windows 10 Update emails create a false sense of urgency. Unlike the usual phishing mail that baits the reader into clicking a link, this one carries a disguised attachment whose payload is ransomware.
How the ‘Cyborg’ ransomware works
Randomly selected users have received emails whose subject line says that an urgent Windows 10 update is needed for the machine to run smoothly. The body of the email contains a single line stating that the update is critical and must be installed without delay. The attachment carries a “.jpg” extension but is in fact an executable hiding behind a seemingly harmless image name. When opened, this .NET downloader fetches a second file, ‘bitcoingenerator.exe’, from a GitHub account named ‘misterbtc2020’. That file is the .NET-compiled malware known as the Cyborg ransomware.
Once active on the victim’s machine, Cyborg encrypts the user’s files and appends the extension ‘.777’ to every encrypted file. A ransom note titled ‘Cyborg_DECRYPT.txt’ is then dropped on the desktop. Such notes state the blackmailer’s demands and warn that the files will stay encrypted until those demands are met. Cyborg also leaves a copy of itself in the root directory of the hostage machine.
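Two checks a defender can automate from the chain described above, as an added example that is not part of Trustwave's report or of this page: a mail-side scan that flags an attachment whose name ends in an image extension but whose first bytes are a Windows PE header (the “.jpg that is really an executable” trick), and a host-side sweep for the on-disk traces the report names, files renamed with the ‘.777’ extension and the ‘Cyborg_DECRYPT.txt’ note. The sample message, its sender addresses and the sample files are constructed for the demonstration.

```python
"""Added example (not from Trustwave or the page): two checks for the
Cyborg delivery chain. The e-mail and file names below are constructed."""
import email
import pathlib
from email import policy
from email.message import EmailMessage

PE_MAGIC = b"MZ"                    # DOS stub header of every Windows executable
IMAGE_MAGICS = {                    # what a file with this extension should start with
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
}


def classify_attachment(filename: str, data: bytes) -> str:
    """Return 'disguised-executable', 'executable', 'mismatch' or 'ok'."""
    ext = pathlib.PurePosixPath(filename.lower()).suffix
    if data.startswith(PE_MAGIC):
        # The bytes decide, not the name: an "image" that is really a PE file.
        return "disguised-executable" if ext in IMAGE_MAGICS else "executable"
    expected = IMAGE_MAGICS.get(ext)
    if expected is not None and not data.startswith(expected):
        return "mismatch"           # claims to be an image but is something else
    return "ok"


def scan_message(raw: bytes) -> list:
    """Parse a raw RFC 5322 message and classify every attachment it carries."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        findings.append((name, classify_attachment(name, payload)))
    return findings


def find_cyborg_artifacts(root) -> dict:
    """Sweep `root` for .777 files and the Cyborg_DECRYPT.txt ransom note."""
    root = pathlib.Path(root)
    encrypted = sorted(p.relative_to(root).as_posix()
                       for p in root.rglob("*.777") if p.is_file())
    notes = sorted(p.relative_to(root).as_posix()
                   for p in root.rglob("Cyborg_DECRYPT.txt") if p.is_file())
    return {"encrypted": encrypted, "ransom_notes": notes}


def build_sample_message() -> bytes:
    """Constructed lure resembling the campaign: one fake image, one real one."""
    msg = EmailMessage()
    msg["From"] = "updates@example.invalid"      # constructed sender
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Critical Microsoft Windows Update!"
    msg.set_content("Please install the latest critical update attached to this email.")
    fake_pe = PE_MAGIC + b"\x90\x00" + b"\x00" * 60     # minimal PE-looking bytes
    msg.add_attachment(fake_pe, maintype="image", subtype="jpeg",
                       filename="Windows10Update.jpg")
    real_jpg = IMAGE_MAGICS[".jpg"] + b"\xe0" + b"\x00" * 16
    msg.add_attachment(real_jpg, maintype="image", subtype="jpeg",
                       filename="logo.jpg")
    return msg.as_bytes()


def populate_sample_tree(root) -> None:
    """Write a constructed post-infection directory for find_cyborg_artifacts()."""
    root = pathlib.Path(root)
    (root / "docs").mkdir(parents=True, exist_ok=True)
    (root / "docs" / "report.docx.777").write_bytes(b"ciphertext")
    (root / "Cyborg_DECRYPT.txt").write_text("constructed ransom note")


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample_message()):
        print(f"{name}: {verdict}")
```

The mail-side check deliberately ignores the declared Content-Type and the file name and trusts only the magic bytes, since both the name and the MIME type are chosen by the attacker. The host sweep is an indicator check only; finding ‘.777’ files means the encryption has already run, so it belongs in incident response, not prevention.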
How is this Malware structured?
SpiderLabs researchers found that the code for this malware is hosted on GitHub, the online code-sharing community used by developers from all over the world. A GitHub repository was found containing the ransomware’s binary ‘builder’ files. This makes the malware even more dangerous, since anyone can download them. An attacker can pick up the repository and build a fresh variant with a new ruse to claim more victims. Once people recognise the Windows 10 Update act, they grow cautious, so the cyber-criminals simply wrap the same ransomware in a newer trick to bait victims. That is how publicly available malware code turns into a reusable ‘template’, which is far more difficult to combat.
Tackling the problem
First and foremost, it is important to note that Microsoft delivers updates through the Windows Update mechanism built into the operating system, and never sends critical updates by email. A little vigilance can go a long way in securing yourself. Stay up to speed with current happenings in the cyber-world. You do not have to be a technical person to understand the dynamics of malware threats.
And in case a lure does find its way into your inbox, make sure all your security patches are properly installed and your system is protected with up-to-date antivirus/anti-malware software. Keep offline backups of your files as well, so that a ransomware infection cannot hold the only copy hostage.
Logix’s solution to Malware Attacks
Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email-validation system designed to detect and prevent email spoofing. It is an email authentication standard that lets receiving mail servers decide how to treat messages claiming to come from your domain: a message passes only if the domain in the visible “From” header is aligned with the domain authenticated by SPF (the envelope “mail from” address) or by DKIM (the signing domain), and the domain owner’s published policy tells the receiver whether to deliver, quarantine or reject anything that fails. You can find the complete working of this system on our service portal. Our team will handhold you through a well-defined action plan to achieve maximum security compliance for your organization. Our Cloud Email Advance Threat Protection service accurately detects email-borne threats such as Ransomware, BEC, Domain Spoofing, Advanced Malware, Spear Phishing and Display Name Spoofing. We specialize in detecting domain spoofing using the Domain Authentication techniques of rDNS, SPF and Sender ID, DKIM and DMARC.
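The DMARC evaluation described above, as an added example that is not Logix’s product code or part of the original page. A receiving server needs four inputs: the domain in the visible “From” header, the domain that passed SPF (the envelope “mail from” domain, or none if SPF failed), the d= domain of a passing DKIM signature (or none), and the sender domain’s _dmarc TXT record. Every domain and policy record below is constructed for the demonstration.

```python
"""Added example (not Logix's code): how a receiver applies DMARC to one
message. All domains and records are constructed for the demonstration."""


def parse_dmarc_record(txt: str) -> dict:
    """Turn 'v=DMARC1; p=reject; adkim=s' into {'v': 'DMARC1', 'p': 'reject', ...}."""
    tags = {}
    for item in txt.split(";"):
        key, sep, value = item.strip().partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def organizational_domain(domain: str) -> str:
    """Simplified to the last two labels. Production code consults the Public
    Suffix List, otherwise 'example.co.uk' would collapse to 'co.uk'."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain, from_domain: str, mode: str) -> bool:
    """Relaxed ('r') alignment compares organizational domains; strict ('s')
    requires an exact match with the From: domain."""
    if not auth_domain:
        return False                      # that mechanism did not pass at all
    auth_domain, from_domain = auth_domain.lower(), from_domain.lower()
    if mode == "s":
        return auth_domain == from_domain
    return organizational_domain(auth_domain) == organizational_domain(from_domain)


def evaluate_dmarc(from_domain, spf_domain, dkim_domain, record) -> dict:
    """Return the alignment results, the DMARC verdict, and the disposition
    the domain owner requested (p= tag) for a failing message."""
    tags = parse_dmarc_record(record)
    spf_ok = aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    passed = spf_ok or dkim_ok            # one aligned, passing mechanism suffices
    requested = tags.get("p", "none")
    disposition = "deliver" if passed or requested == "none" else requested
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if passed else "fail", "disposition": disposition}


# Constructed scenario: the protected brand owns example.com and publishes a
# reject policy with relaxed SPF alignment and strict DKIM alignment.
RECORD = "v=DMARC1; p=reject; aspf=r; adkim=s"

if __name__ == "__main__":
    # Legitimate mail: From example.com, SPF passed for mail.example.com
    print(evaluate_dmarc("example.com", "mail.example.com", None, RECORD))
    # Spoof: From example.com, but SPF only passes for the attacker's own relay
    print(evaluate_dmarc("example.com", "bulk.attacker.example", None, RECORD))
```

Note what DMARC does not cover: a lookalike domain the attacker registers and signs for himself passes its own DMARC, and a forged display name (“Microsoft Update” in front of an unrelated address) is outside DMARC’s scope entirely. That is why display-name and lookalike-domain detection are listed as separate protections.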
Stay safe by uncovering patterns in Email Traffic through DMARC Monitor.