Update warnings sent on email to potential targets

Nov 19, 2019 18:00 GMT  ·  By

If you receive an email claiming to be from Microsoft and asking to install a so-called critical update, just delete it.

Security company Trustwave has discovered a new malicious campaign that relies on warnings and hoax Windows updates sent via email to infect devices with the Cyborg ransomware.

The attack employs a rather classic approach: it starts with an email sent to potential targets that carries a fake update as an attachment.

The update, which appears to be using the JPG file extension, is actually an executable file, and once launched, downloads additional payloads from GitHub.

“The file bitcoingenerator.exe will be downloaded from misterbtc2020, a Github account which was active for a few days during our investigation, but is now removed. It is contained under its btcgenerator repository. Just like the attachment, this is .NET compiled malware, the Cyborg ransomware,” Trustwave explains in its analysis of the malicious campaign.
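As an added defender-side example (not code from Trustwave or from the original article), the check below compares an attachment's claimed extension with its magic bytes, which catches the disguise described above: a file named like a JPEG whose content is a Windows executable. All file names and contents here are constructed.

```python
import os
import struct

# Added example (not from the Trustwave analysis or the campaign itself):
# a defender-side check for an attachment whose name claims to be a JPEG
# while its bytes are a Windows PE executable, the disguise described above.

JPEG_MAGIC = b"\xff\xd8\xff"
IMAGE_EXTS = {".jpg", ".jpeg"}

def is_pe_executable(data: bytes) -> bool:
    """True when data starts with a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def classify_attachment(filename: str, data: bytes) -> str:
    """Compare the declared extension with the file's magic bytes.

    Returns one of: 'jpeg', 'executable', 'executable-disguised-as-image', 'unknown'.
    """
    ext = os.path.splitext(filename)[1].lower()
    if is_pe_executable(data):
        return "executable-disguised-as-image" if ext in IMAGE_EXTS else "executable"
    if data.startswith(JPEG_MAGIC):
        return "jpeg"
    return "unknown"

def fake_pe() -> bytes:
    """Constructed minimal PE-like blob for testing: MZ header, e_lfanew=0x40, then 'PE\\0\\0'."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\x00\x00"

if __name__ == "__main__":
    # Constructed samples: a disguised executable and a genuine JPEG header.
    samples = {
        "critical-update.jpg": fake_pe(),              # constructed, not the campaign's file
        "photo.jpg": JPEG_MAGIC + b"\xe0\x00\x10JFIF",
    }
    for name, blob in samples.items():
        print(f"{name}: {classify_attachment(name, blob)}")
```

A mail gateway or endpoint agent applying this kind of content-versus-extension check would flag the attachment regardless of the name the sender chose for it.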

Don’t download the attachment

Once the ransomware infects the device, user files are encrypted and renamed to use the “777” extension.

At this point, user files are locked down, and the ransomware places a text document on the desktop to provide instructions to the victim on how to get the decryption key.

“Don’t worry, you can return all your files! You can send one of your encrypted file [sic] and we decrypt it for free. You must follow these steps To [sic] decrypt your files: send $500 bitcoin to wallet [wallet number], write on our email [email address],” the message reads.

“The Cyborg Ransomware can be created and spread by anyone who gets hold of the builder. It can be spammed using other themes and be attached in different forms to evade email gateways. Attackers can craft this ransomware to use a known ransomware file extension to mislead the infected user from the identity of this ransomware,” Trustwave warns.

Needless to say, the easiest way to stay safe is to avoid opening such emails and downloading their attachments. Keeping your security software up to date can also help detect the malicious files and prevent the ransomware from reaching your device.