If you receive an email that claims to be from Microsoft and asks you to install so-called critical updates, delete it immediately. Security firm Trustwave recently discovered new malicious activity that spreads by e-mail, masquerading as a Windows update to infect devices with Cyborg ransomware.
This is a very typical form of attack. It starts with an e-mail message to potential targets that contains a fake Windows update. The update appears to use the JPG file extension but is actually an executable file that, once started, downloads additional payloads from GitHub.
Trustwave explained: “According to our investigation, the infected device will download a file called bitcoingenerator.exe from a GitHub account called misterbtc2020, which was active a few days ago and has now been deleted. The file contains the btcgenerator repository. Like the attachment, this is .NET-compiled malware, known as Cyborg ransomware.”
After the ransomware infects the device, the user's files are encrypted and renamed with the “777” extension. At this point the files are locked, and the ransomware places a text document on the desktop that gives the victim instructions on how to obtain the decryption key.
“Don’t worry, you can redeem all the files!” the ransomware message read. “You can send an encrypted file [sic] and we’ll decrypt it for free. You must decrypt the file by sending $500 bitcoins to your wallet (wallet number) and then sending a notification to our mailbox.”
Trustwave warns: “Anyone who owns the Builder can create and distribute Cyborg ransomware. Attackers can use different topics to trick users into clicking, and different forms to evade censorship by the e-mail gateway. An attacker could use a known ransomware extension to mislead an infected user into identifying the ransomware.”
Needless to say, the easiest way to protect yourself is to avoid opening such e-mail messages and downloading their attachments. Keeping security software up to date can also help detect infected files and prevent ransomware from infecting your device.
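The fake update described above carries a JPG extension but is an executable. As an added example (not code from Trustwave or from the original article), the following mail-filter check flags attachments whose image extension disagrees with their leading bytes; the sample message, addresses and file names are constructed for illustration.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Leading "magic" bytes expected for each image extension.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
PE_MAGIC = b"MZ"  # header that starts Windows executables, .NET ones included


def check_attachments(raw_bytes):
    """Return (filename, verdict) for every part named with an image extension."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        ext = os.path.splitext(name or "")[1].lower()
        if ext not in IMAGE_MAGIC:
            continue
        data = part.get_payload(decode=True) or b""
        if data.startswith(PE_MAGIC):
            verdict = "executable-disguised-as-image"
        elif data.startswith(IMAGE_MAGIC[ext]):
            verdict = "ok"
        else:
            verdict = "extension-content-mismatch"
        findings.append((name, verdict))
    return findings


def build_sample():
    """Constructed message: a real JPEG header and a PE header, both named .jpg."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m["Subject"] = "Critical update (constructed sample)"
    m.set_content("Please install the attached update.")
    for fname, body in (("photo.jpg", b"\xff\xd8\xff\xe0"), ("update.jpg", b"MZ\x90\x00")):
        m.add_attachment(body + b"\x00" * 16, maintype="image",
                         subtype="jpeg", filename=fname)
    return m.as_bytes()


if __name__ == "__main__":
    for name, verdict in check_attachments(build_sample()):
        print(f"{name}: {verdict}")
```

A gateway would quarantine any message with a verdict other than "ok"; the check relies on file content rather than the extension or the declared MIME type, both of which the sender controls.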