The Windows 10 rollout has been relatively smooth, but there are plenty of users who never received the Get Windows 10 app and are still waiting in line for their turn to update. Unfortunately, scammers have seen how desperate Windows users are for the update, which is why it should come as no surprise that a phishing campaign has been discovered.
According to Cisco’s Talos Group, scammers impersonating Microsoft have begun sending out emails informing individuals that they are eligible to upgrade to Windows 10. The email appears to come from an official Microsoft address, firstname.lastname@example.org, which lends it apparent authenticity, but don’t be fooled: Microsoft isn’t going to send you an email with Windows 10 as the attachment.
There are several blatantly obvious signs in the body of the email as well, most notably characters which don’t parse properly. You can be certain that any official emails from Microsoft will use characters that display correctly on your device of choice.
If you were to ignore all of these signs, download the .zip file, extract the software and run the executable anyway, you would immediately find your computer locked by a ransomware variant called CTB-Locker. Here’s what it looks like:
“The threat of ransomware will continue to grow until adversaries find a more effective method of monetizing the machines they compromise,” says the Talos Group. “As a defense, users are encouraged to back up their data in accordance with best practices. These backups should be stored offline to prevent them from being targeted by attackers.”
See a video of someone installing the ransomware at this link.
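A mail gateway or help desk can check for two of the signs described above, a .zip attachment that holds an executable and body text that does not parse, without opening anything. The script below is an added example, not code from the article or from Talos; the sample message, its file names and the extension list are constructed assumptions, and the decode test is only one way to approximate "characters which don't parse properly".

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed list of extensions that run directly on Windows; extend to suit your policy.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")

def triage(raw: bytes) -> list:
    """Flag the two signs the article names: zipped executable, unparseable body."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip") or payload[:4] == b"PK\x03\x04":
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                    members = zf.namelist()  # lists names only, extracts nothing
            except zipfile.BadZipFile:
                findings.append(f"unreadable zip attachment: {name}")
                continue
            findings += [f"executable in zip: {name}/{m}" for m in members
                         if m.lower().endswith(EXECUTABLE_EXTS)]
        elif part.get_content_maintype() == "text":
            charset = part.get_content_charset() or "utf-8"
            try:
                payload.decode(charset)
            except (UnicodeDecodeError, LookupError):
                findings.append(f"body does not decode as {charset}")
    return findings

def build_sample() -> bytes:
    """Constructed message: mis-encoded body plus a zip holding a harmless stub."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("Setup.exe", b"placeholder bytes, not a program")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["Subject"] = "Upgrade offer"
    # Body declares UTF-8 but ends in a truncated multi-byte sequence.
    msg.set_content(b"Upgrade now \xe9\x97", maintype="text", subtype="plain",
                    params={"charset": "utf-8"})
    msg.add_attachment(archive.getvalue(), maintype="application",
                       subtype="zip", filename="attachment.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

A clean result does not prove a message is safe; the check covers only these two indicators and does not look inside nested or password-protected archives.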