According to Cisco, cyber criminals are impersonating Microsoft in an attempt to exploit their user base for monetary gain. They are doing this by spoofing the email to look like it is coming directly from Microsoft (updatemicrosoft.com). The email purports to contain the installer package for Windows 10. The attackers are even using a similar colour scheme to the one used by Microsoft. Cisco experts have been able to unmask the attackers, establishing that the message actually originated from IP address space allocated to Thailand.
Once a user opens the email, downloads the attached zip file, extracts it, and runs the executable, the user then gets a message informing that their PC is infected and their files are encrypted by CTB-Locker. They are then told to pay a certain amount of money within 96 hours to have their files decrypted or they lose those forever.
CTB-Locker is a notorious ransomware variant. The malware uses asymmetric encryption that allows the adversaries to encrypt the user’s files without having the decryption key reside on the infected system. Also, by utilizing Tor and Bitcoin they are able to remain anonymous and quickly profit from their malware campaigns with minimal risk.
Cisco recommends keeping a current backup of your files at all times.
These backups should be stored offline to prevent them from being targeted by attackers.
Microsoft isn’t distributing Windows 10 through email attachments or links embedded in emails.
If you have signed up for the OS, it will be automatically downloaded onto your system at some point in the next few days or weeks, and you will receive a notification on your PC when it’s time.
So delete any such mails

• Previous Entry: Management Reporter 2012 CU13
• Next Entry: Synergy MMS for hospitality