As we become more alert to the dangers of ransomware, hackers are seeking out more inventive ways to try and get their malware into our machines. These involve increasingly more authentic looking attempts at compromising large numbers of computers. The latest example of a very genuine looking scam is emails offering an upgrade to Windows 10.
Impatience to upgrade
The scam email is playing on users’ keenness to upgrade Windows 10 and using this notification from the “Get Windows 10” app to legitimise its malware: “Watch for your notification so that you can start your upgrade. Your notification to upgrade could come as soon as a few days or weeks.” Some 14 million users have already upgraded but many more are still waiting patiently after receiving this notification and an email that pops up headed “Upgrade to Windows 10 for free” could easily be the upgrade they’ve been waiting for.
What does the email look like?
The “Upgrade to Windows 10 for free” scam email appears to come from [email protected] but a closer look at the header reveals an IP address in Thailand. The email looks incredibly legitimate, using the same Windows 10 update app colour scheme and even incorporating the wording “This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.” However, the email contains a number of characters that don’t parse properly and the update is offered via a zip file – something that Microsoft would not do.
What effect does it have?
Users who open the zip file offered by the scam email, extract it and run the executable will find themselves hosting ransomware. Shortly afterwards, a CTB-Locker ransomware notice will appear and a time limit of 96 hours is provided in which to make a payment to unlock all the ransomed files.
What can you do?
If you see the ransomware notice then unfortunately there are two options: pay up or consider the data lost. If you want to try and avoid vulnerability in the first place, the easiest step is to block all executables in emails, including ones inside archive files – gateway products normally enable you to do this simply by turning the feature on. Back up your files regularly and think twice before you open any attachments sent to you in an email. For business, managed security services can ensure a enhanced degree of protection is in place and highlight areas where employees might need to be given training to stop them opening scam emails and compromising a network.
