Fake Windows Update Installs Ransomware on PCs


One such campaign claims to be from Microsoft, advising people to update Windows, but doing so will install ransomware on a computer.

Researchers from Trustwave’s SpiderLabs discovered the spam emails, which come with an ‘Install Latest Microsoft Windows Update now!’ or ‘Critical Microsoft Windows Update!’ subject line. Microsoft, of course, doesn’t send out Windows updates through email.

The messages contain just one sentence, and the first word begins with two capital letters, making it appear even less legitimate. Recipients are asked to click an attachment to download the ‘update.’ While the file has a .jpg extension, it’s actually an executable .NET downloader that delivers malware to the infected system.
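An added example, not code from Trustwave's report or from this post: a mail-gateway style check that flags the two subject lines quoted above and any attachment that carries an image extension while its bytes are a Windows PE executable. The function names, the sample addresses and the attachment name update.jpg are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Subject lines reported on this page for the campaign (compared lowercased).
CAMPAIGN_SUBJECTS = {
    "install latest microsoft windows update now!",
    "critical microsoft windows update!",
}
IMAGE_EXTENSIONS = (".jpg", ".jpeg", ".png", ".gif")

def looks_like_pe(data: bytes) -> bool:
    """True if data starts with 'MZ' and e_lfanew (0x3C) points at the PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_offset = int.from_bytes(data[0x3C:0x40], "little")
    return data[pe_offset:pe_offset + 4] == b"PE\0\0"

def triage(raw: bytes) -> list[str]:
    """Return the reasons a raw RFC 5322 message should be quarantined."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    subject = str(msg["Subject"] or "").strip().lower()
    if subject in CAMPAIGN_SUBJECTS:
        reasons.append("subject matches campaign")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        body = part.get_payload(decode=True) or b""
        # The declared name says "image", the content says "executable".
        if name.endswith(IMAGE_EXTENSIONS) and looks_like_pe(body):
            reasons.append(f"{name}: image extension but PE content")
    return reasons

def build_sample(subject: str, filename: str, payload: bytes) -> bytes:
    """Constructed test message; addresses and body text are placeholders."""
    msg = EmailMessage()
    msg["From"] = "updates@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = subject
    msg.set_content("Constructed one-sentence body.")
    msg.add_attachment(payload, maintype="image", subtype="jpeg", filename=filename)
    return msg.as_bytes()

# Constructed inert stub: MZ header, e_lfanew = 0x40, then the PE signature.
FAKE_PE = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0"
# Constructed benign attachment: JPEG start-of-image marker plus padding.
REAL_JPEG = b"\xff\xd8\xff\xe0" + b"\0" * 0x60
```

Calling `triage(build_sample("Critical Microsoft Windows Update!", "update.jpg", FAKE_PE))` returns both reasons, while a genuine JPEG under an unrelated subject returns an empty list.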



Clicking on the file will download another executable, this one called bitcoingenerator.exe, from a (now-removed) GitHub account named misterbtc2020. Like the email attachment, this is .NET compiled malware: the Cyborg ransomware.

As with other ransomware, bitcoingenerator.exe encrypts users’ files and changes their extension to its own: 777. The ransomware also leaves a copy of itself called ‘bot.exe’ hidden at the root of the infected drive.

Victims will then find a ransom note named “Cyborg_DECRYPT.txt” on their desktop, which demands $500 to decrypt the files.



Comments (2)

  • Conor Morgan

    I take pleasure in, cause I found exactly what I was looking for. You’ve ended my four day long hunt! God Bless you man. Have a nice day. Bye

    December 16, 2019 at 12:19 am
  • Glenn Cassity

    A formidable share, I simply given this onto a colleague who was doing somewhat analysis on this. And he in reality purchased me breakfast as a result of I discovered it for him.. smile. So let me reword that: Thanks for the treat! However yeah Thanks for spending the time to debate this, I really feel strongly about it and love studying more on this topic. If doable, as you change into expertise, would you mind updating your blog with more particulars? It is extremely useful for me. Massive thumb up for this weblog put up!

    May 26, 2020 at 3:02 pm
