Windows 10: Ransomware disguised as Win 10 update

Discus and support Ransomware disguised as Win 10 update in AntiVirus, Firewalls and System Security to solve the problem; Thought i would post this here but maybe the "news" section would benefit , if this is old news my apologies but it's scary. Beware! That Windows... Discussion in 'AntiVirus, Firewalls and System Security' started by fredc, Sep 3, 2015.

  1. fredc Win User

    Ransomware disguised as Win 10 update


    Thought i would post this here but maybe the "news" section would benefit , if this is old news my apologies but it's scary.


    Beware! That Windows 10 update message could be ransomware in disguise


    A new virus is on the loose and it’s targeting users waiting for their Windows 10 update. A variant of CTB (Curve-Tor-Bitcoin) Locker is currently being downloaded on to Windows 7 and 8 users at alarming rates. If you are waiting for your Windows 10 upgrade, please read the details below and proceed with caution when downloading anything from an email attachment.
    It starts with an email

    This new threat actor has a clever way of making its way onto your system. Since many people are eagerly awaiting their Windows 10 update, scammers developed a convincing email campaign to lure people into downloading their ransomware.

    Ransomware disguised as Win 10 update [​IMG]
    A screen shot of the offending email. Source: Cisco Blogs
    As you can see, the email has the appropriate color scheme as well as a believable email address: L: update@microsoft.com. The scammers have even gone so far as to include a little note at the end that may give the recipient a false sense of security:

    Ransomware disguised as Win 10 update [​IMG]
    Don’t be fooled! This email is NOT safe. Source: Cisco Blogs
    And then they demand you pay up

    Once an unsuspecting victim downloads the false update to their computer and runs it, they’ll see this message:

    Ransomware disguised as Win 10 update [​IMG]
    The CTB-Locker message. Source: Emsisoft
    The victim will find that their files have been encrypted and will not open properly, and like most ransomware variants, the decryption key will not reside on the infected system. The user allegedly has 96 hours before the decryption code is destroyed and the only way to get a hold of it before then is to pay an outrageous $200 USD.
    Early detection is key

    As eager as you may be for the latest Windows 10 update, please be aware that so many cyber criminals are waiting to take advantage of you! Be wary of emails with typos, strange characters, and in the case of the phishing email above, an IP address from an unexpected part of the world (in this case, Thailand).




    :)
     
    fredc, Sep 3, 2015
    #1
  2. ausgumbie Win User

    Beware Ransomware Attack if upgrading to Win 10.

    Hi all

    This is pointed up in other places but it won't hurt in the retelling for those upgrading to Windows 10.

    I received this from staysmartonline (Aust. Govt.) to which I subscribe:

    "Fake Windows 10 update leading to ransomware attack: Alert Priority High

    Ransomware disguised as an installer of the new Microsoft Windows 10 operating system is encrypting Australian user and business computers.

    The ransomware resides in an email that claims to be from Microsoft which offers a free upgrade to Windows 10. The email contains a zip file attachment, which contains a program labelled as the Windows 10 installer.

    However, if you run this program, it will encrypt any important files, including Word documents and photos on your computer.

    If you receive an email offering a free upgrade to Windows 10, we advise that you delete the email and do not open it or any attachments.

    Windows users interested in upgrading their computer can register via Microsoft’s official website. Windows 10 updates will then be facilitated by a program on your computer, not via an email offer."

    And so it goes on...

    The word is certainly out there although some (like me) twig to it a bit slower than others. This post is for them. See, e.g.:

    https://www.google.com.au/?gws_rd=ssl#q=windows+10+ransomware+alert


    Cheers
     
    ausgumbie, Sep 3, 2015
    #2
  3. I think im being scammed by www.****.com

    Well.. as result of this scam and other issues on my pc, i reformatted my drive and did a clean install of win 10.. but... i guess the lesson learned is, never let your guard down against scammers.. they can disguise themselves as anything...
     
    DKflip1981, Sep 3, 2015
    #3
  4. Ransomware disguised as Win 10 update

    Thanks for your Post!

    *Thumbs
     
    Cluster Head, Sep 3, 2015
    #4
  5. fredc Win User
    Your welcome but i think i should of held off , seems like it's old news and i should of posted in the Win 7 forums forum , thats probably where it would be relevant, if at all .

    If "brink" doesn't think it's relevant here i hope he deletes it , i should have researched further .
     
    fredc, Sep 3, 2015
    #5
  6. ram1220 Win User
    Actually I don't read the Win 7 forum. I am happy you posted it here. I have passed this info on to friends and family that still use Win 7.
     
    ram1220, Sep 3, 2015
    #6
  7. axe0 New Member
    This is indeed pretty old news, but it is always good to post it for those who aren't aware of this *Smile
     
    axe0, Apr 5, 2018
    #7
Thema:

Ransomware disguised as Win 10 update

Loading...
  1. Ransomware disguised as Win 10 update - Similar Threads - Ransomware disguised update

  2. cmd Worm disguised as shortcut

    in AntiVirus, Firewalls and System Security
    cmd Worm disguised as shortcut: The final question would be “How do I find what keep adding this cmd/worm to my usb?“This is my documentation of the worm, hopefully this can help people as I am still stumped by it.In the version I encounter in 2011-2 the worm simply hide the file as protected system. Now...
  3. cmd Worm disguised as shortcut

    in Windows 10 Gaming
    cmd Worm disguised as shortcut: The final question would be “How do I find what keep adding this cmd/worm to my usb?“This is my documentation of the worm, hopefully this can help people as I am still stumped by it.In the version I encounter in 2011-2 the worm simply hide the file as protected system. Now...
  4. cmd Worm disguised as shortcut

    in Windows 10 Software and Apps
    cmd Worm disguised as shortcut: The final question would be “How do I find what keep adding this cmd/worm to my usb?“This is my documentation of the worm, hopefully this can help people as I am still stumped by it.In the version I encounter in 2011-2 the worm simply hide the file as protected system. Now...
  5. can a Virus disguised as atlas VPN?

    in AntiVirus, Firewalls and System Security
    can a Virus disguised as atlas VPN?: Ever since I let a program thru my Atlas VPN started acting weird and sometimes named different ect . I have deleted everyhting I could find and reinstalled Atlas a dozen Times same thing it doesnt work like it should. I also got Adobe Illistrator off a torrent I KNOW and my...
  6. Laptop disguised as a desktop?

    in Windows 10 Support
    Laptop disguised as a desktop?: I saw this gaming PC online : Mini gaming PC computer intel i9 8950HK gamer computador 6 core windows 10 NVIDIA graphic card GTX1650 fashion design wifi BT|Desktops| - AliExpress That link shows you the exterior of the unit ... which gives the appearance of a lay-flat...
  7. Ransomware settings in win 10 pro

    in AntiVirus, Firewalls and System Security
    Ransomware settings in win 10 pro: Hi, I have a laptop that came with windows 7 pro which I upgraded to win 10 pro. At the moment it's version 1903. Currently when I try to enable ransomware protection a popup appears saying in essence that the 'system administrator has limited access to some areas of this...
  8. Windows 10 Ransomware

    in AntiVirus, Firewalls and System Security
    Windows 10 Ransomware: [ATTACH]is this True ??? It doesnt looks fake news because posted by Techradars please https://answers.microsoft.com/en-us/windows/forum/all/windows-10-ransomware/1f79956f-e9d1-468b-8a34-ed5e61ce9998"
  9. Telegram Messenger disguised as Malware

    in Windows 10 Software and Apps
    Telegram Messenger disguised as Malware: i noticed when i had telegram messenger opened up that some sort of Malware got into the application on my Desktop PC and somehow i can't find anything relating to the Telegram Virus as it looks like someone must have broke into the app and sent out viruses. 138240
  10. Win 10 Ransomware protection blocks iTunes

    in AntiVirus, Firewalls and System Security
    Win 10 Ransomware protection blocks iTunes: Enabled Ransomware protection and now iTunes won't open. If I turn it off iTunes opens fine. I assume its because a default folder that iTunes uses (Music?) is part of the protected folders. I use the iTunes program, not the new app that MS recently added to their store. I...