Windows 10 Upgrade Spam Carries CTB-Locker Ransomware

August 3, 2015 – 8:12 PM

In the week since a free upgrade to Windows 10 was made available, users have learned about a host of built-in privacy and security issues, the most troubling being a native feature called Wi-Fi Sense that grants access to your Wi-Fi network to contacts stored in a host of online services.

Now hackers are in on the game. The inevitable Windows 10 spam and phishing emails have surfaced, including a serious threat via a spam campaign spoofing Microsoft and ultimately dropping ransomware on users’ machines.

Researchers at Cisco TALOS said on Friday they spotted spam carrying an archived attachment from an email address in Thailand spoofing update at Microsoft[.]com. Users who download and execute the files inside the zip archive are hit by the CTB-Locker brand of ransomware. CTB-Locker behaves like most strains of crypto-ransomware: it is spread via email, exploit kits or drive-by downloads, encrypts documents stored on the computer and demands a ransom paid in Bitcoin in exchange for the decryption key. This campaign gives users a 96-hour window to deliver payment, which is shorter than other campaigns making use of CTB-Locker.
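The two traits described above, a header From that claims Microsoft while the mail actually originates elsewhere, and a zip attachment that hides an executable, are exactly what a mail gateway rule can key on. The following Python is an added illustration, not code from Cisco TALOS or Threatpost; the sample message, the envelope sender domain and the file name inside the archive are constructed for the demo, and the "executable" is a harmless placeholder.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# File types that should never arrive inside a vendor "upgrade" archive
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".js", ".vbs", ".bat", ".cmd")


def build_sample_message() -> bytes:
    """Constructed sample in the shape of the campaign: From spoofs Microsoft,
    the envelope sender is elsewhere, and the zip holds a placeholder .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Win10Installer.exe", b"MZ placeholder, not a real binary")
    msg = EmailMessage()
    msg["From"] = "update@microsoft.com"
    msg["Return-Path"] = "<bounce@mailer.example.th>"  # assumed envelope sender
    msg["Subject"] = "Windows 10 Free Upgrade"
    msg.set_content("Your Windows 10 upgrade is ready. Run the attached installer.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Win10Installer.zip")
    return msg.as_bytes()


def domain_of(header_value: str) -> str:
    """Extract the lower-cased domain from a From/Return-Path header value."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def find_indicators(raw: bytes) -> list:
    """Return a list of human-readable findings for one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    from_dom = domain_of(str(msg.get("From", "")))
    env_dom = domain_of(str(msg.get("Return-Path", "")))
    # Header From claims microsoft.com but the bounce address points elsewhere
    if from_dom == "microsoft.com" and env_dom and env_dom != from_dom:
        findings.append(f"sender mismatch: From={from_dom} Return-Path={env_dom}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(".zip") or part.get_content_type() == "application/zip":
            try:
                names = zipfile.ZipFile(io.BytesIO(data)).namelist()
            except zipfile.BadZipFile:
                findings.append(f"corrupt zip attachment: {name}")
                continue
            for inner in names:
                if inner.lower().endswith(EXECUTABLE_SUFFIXES):
                    findings.append(f"executable inside archive: {name} -> {inner}")
    return findings
```

In production the Return-Path check would be replaced by SPF/DKIM/DMARC results from the receiving MTA, but the logic is the same: the displayed sender must agree with the authenticated one.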

CTB—also known as Critroni—stands for Curve-Tor-Bitcoin, and uses elliptic curve cryptography to encrypt files, and uses the Tor anonymity network for command and control operations.

The current Windows 10 spam campaign has a chance to be quite lucrative, given the thirst most consumers have for the latest and greatest technology. Users, however, must first reserve their spot in a queue in order to get the free upgrade to Windows 10. The spam emails may trick victims into thinking this is their notification from Microsoft to upgrade; legitimate upgrades are done via download, not email, Microsoft said.
