
A new ransomware type hits the mailboxes!

A new type of ransomware threat has been detected being distributed by email. Most tech-savvy PC users probably will not be fooled by this threat, but this information could be extremely useful for others.

The bogus email carries one of the following titles:
“Critical Microsoft Windows Update!” or “Install Latest Microsoft Windows Update now!”

Once the e-mail is opened, the message body displays the following text (including the capital-letter typo):
“PLease install the latest critical update from Microsoft attached to this email.”

The email also carries an attachment with a .jpg extension that is actually an executable (.exe) file, which downloads and installs ransomware from a remote server. Once a user clicks on the infected .jpg file, bitcoingenerator.exe is downloaded from the GitHub account misterbtc2020. Luckily, the misterbtc2020 account has already been removed, but that doesn’t mean another similar ransomware variant won’t emerge under a different account name.

Once installed, the ransomware starts encrypting all of the files available on local, removable or network drives and creates an unencrypted text file, Cyborg_DECRYPT.txt, on the desktop. The text file holds a ransom note with instructions on how to pay $500 in Bitcoin in order to receive the decryption key.

I’m just wondering what kind of users this ransomware is intended for. Not many users think that Windows Updates are deployed via e-mail, while on the other hand, those same users can easily set up a payment in cryptocurrency.
