Windows 10 November 2019 Update (Fake Update, Ransomware)
Have you installed Windows 10 November Security update? Is it Real or Fake?
Windows 10 November 2019 security update was rolled out recently, and people have started to download and install it as Windows 7 support is going to end soon. This has given a golden opportunity to cybercriminals and they are taking advantage of it by introducing fake Windows update to users.
As per security researchers at SpiderLabs, a new ransomware campaign has been found in the latest Windows 10 November 2019 update. Users are getting emails regarding the fake update of November 2019 Windows update (it is recommended not to Download and Install). These researchers have tested and discovered Fake Windows 10 update which installs “Cyborg Ransomware” in your PC.
Users will first receive an email regarding Downloading the updates like “Critical Microsoft Windows Update!” or “Install Latest Microsoft Windows Update Now”. With this fake email, attachment has a “.jpeg” file which is not a picture; it’s an executable file.
Now, this executable file will download another executable file called bitcoingenerator.exe, which is designed by the attackers to deliver malware in your system. This file contains Cyborg Ransomware that encrypts a victim’s system and leaves a ransom note on the desktop.
Cyborg Ransomware is highly effective because the files encrypted by it locks system files that affect the system. And these files cannot be decrypted without paying the ransom. Cyborg Ransomware can be created and spread easily as its code is easily accessible and can be spammed using the Windows theme or sending it to the user’s email address. Since Windows 7 users will not be able to get any security updates after January 2020 attackers are taking advantage of it and are sending the fake updates to infect the computers through emails.
If users want to unlock the system file, the Cyborg Ransomware will demand $500-$600 of Bitcoin to a Wallet address specified in the text file. Since SpiderLabs already discovered three malicious viruses, however, we will advise users not to install this Windows security update or open these kinds of emails as they advise to download the latest updates using the built-in Windows update tool.
How This Malware Works
The fake Windows mail contains a .jpeg file which is an executable .NET file that can infect your computer. It will download a program named “bitcoingenerator.exe” which comes from misterbtc2020(a GitHub account). It’s a Ransomware called Cyborg.
Cyborg will encrypt all files, lock all contents and change their extension to 777. Users will notice another file on their Desktop named “Cyborg_DECRYPT.txt” which contains how to recover your life-for a price. Be it businesses or individuals, this malicious software poses a threat as it comes with the capability to get attached to emails & dodge any gateway controls.
Windows updates are essential for every PC and we always recommend users to download and install updates from built-in Windows update tool. Therefore, never pay attention to emails sent from unknown emails and delete them immediately. We, as users, must be aware of such information as this ransomware could corrupt or brick your system, allowing hackers to enter your system. And always install the best Antivirus protection in your system to prevent these types of incidents.