A new scam is circulating on the internet at the moment: some people are receiving emails that claim to be from Microsoft and concern a Windows update. Anyone who receives this particular email must not open it!
The discovery
The scam was made public by security researchers from Trustwave’s SpiderLabs, who discovered the malicious email. It claims to include an important and urgent update from Microsoft, but ultimately infects the user's computer with the Cyborg ransomware.
The email
The subject line of the email reads “Install Latest Microsoft Windows Update now!” or “Critical Microsoft Windows Update”, which is a big red flag: Microsoft never pushes Windows updates through email; it always releases them through the operating system.
The text of the email reads: “Please install the latest critical update from Microsoft attached to this email”. If that wasn’t already suspicious enough, the attachment carries a “.jpg” extension but isn’t a picture at all: it is an “.exe” file, which turned out to be a malicious .NET downloader designed by the attackers to install malware on the targeted system.
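The mismatch described above, an attachment named as an image whose content is a Windows executable, can be caught by comparing the file's leading bytes with its extension. The following Python code is an added example, not code from Trustwave or the original article; the file names, addresses and stub bytes are constructed for illustration.

```python
import email
import os
from email import policy
from email.message import EmailMessage

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}
# Leading bytes ("magic numbers") that identify the real file type.
MAGIC = [
    (b"MZ", "pe-executable"),        # DOS/PE header of .exe and .dll files
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF8", "gif"),
]

def sniff_type(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"

def disguised_executables(raw_message: bytes) -> list:
    """Return names of attachments with an image extension but PE content."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name.lower())[1]
        data = part.get_payload(decode=True) or b""
        if ext in IMAGE_EXTS and sniff_type(data) == "pe-executable":
            hits.append(name)
    return hits

def build_sample(filename: str, content: bytes) -> bytes:
    """Constructed test message using the subject and body quoted above."""
    m = EmailMessage()
    m["Subject"] = "Critical Microsoft Windows Update"
    m["From"] = "sender@example.com"   # constructed address
    m["To"] = "user@example.com"       # constructed address
    m.set_content("Please install the latest critical update from "
                  "Microsoft attached to this email")
    m.add_attachment(content, maintype="image", subtype="jpeg",
                     filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    fake = build_sample("update.jpg", b"MZ\x90\x00" + b"\x00" * 60)  # stub, not a real PE
    real = build_sample("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 60)
    print(disguised_executables(fake), disguised_executables(real))
```

The check ignores the declared MIME type as well as the file name, since both are set by the sender.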
The Cyborg ransomware
Once the user clicks the attachment, the hidden executable downloads a file named “bitcoingenerator.exe” from a GitHub page with the name misterbtc2020.
After activation, the ransomware encrypts all of the files on the system it’s installed on and appends the custom extension “777” to their names. At this point, the system is compromised: a ransom note with the filename “Cyborg_DECRYPT.txt” is left on the desktop, and the ransomware ultimately leaves a copy of itself named “bot.exe” at the root of the infected system.