Microsoft never sends updates via email. Many folks don’t know that, which is why a new ransomware campaign masquerading as a Windows 10 update is so pernicious.
You may have already gotten a fake notice saying “Install Latest Microsoft Update Now!” Or “Critical Microsoft Windows Update!”, with the body of the message asking you to “Please install the latest critical update from Microsoft attached to this mail,” with an apparent JPG file attached, (which is actually an executable .NET file).
Do NOT click on the attachment and delete the email immediately.
The file is a ransomware called Cyborg, which will encrypt all your files, lock their contents, and change their extensions to 777. As is typical of ransomware, you’ll also be delivered a file named “Cyborg_DECRYPT.txt,” which contains the instructions on how you can recover your files—if you pay the cybercriminal. You should never do that. There’s no guarantee that even if you fork over the cash, the cybercriminals will release your computer.
Trustware, which discovered the ransomware, says four variants are out there, spawned from somewhere in Russia, so you should be on the lookout for variations to the email notice, including those that are attached to other emails. The ransomware has the capacity to evade gateway controls.
Keep in mind that it’s always a best practice to be very cautious about unknown mails you get, and even those “apparently” from people you know, and never click on enclosed files in email unless you’re 100% sure of its source (which means: you need to make a separate effort to check it).
Know too, that Trend Micro Security has built-in protections against ransomware. Its Folder Shield protection can help stop it in its tracks from encrypting your precious files, as you can see in our video we’ve linked here.
When it comes to ransomware outbreaks, you can never be too cautious. Stay alert! Hoaxed emails can take many forms.