A fake Windows update email is being used to infect devices with ransomware.
Cybersecurity company Trustwave spotted an email that claims to be from Microsoft and warns the recipient to update their operating system.
The email contains the subject line “Install Latest Microsoft Windows Update now!” or “Critical Microsoft Windows Update!”, and a message stating “Please install the latest critical update from Microsoft attached to this email”.
The attached “update” file has a .jpeg extension, but it is actually an executable .NET downloader.
Once this file is opened, additional payloads are pulled from a GitHub account named “misterbtc2020” and an executable called “bitcoingenerator.exe” encrypts the victim’s files, rendering them inaccessible.
A text file with the name “Cyborg_DECRYPT.txt” is left on the user’s desktop, demanding that $500 in bitcoin be transferred to a specified cryptocurrency wallet to decrypt their data.
Trustwave said the associated GitHub account has since been removed, but Windows users should remain wary of any further attempts to install ransomware through false update alerts.
The company added that any malicious actor with access to the Cyborg ransomware builder can attach this malware to an email.
It recommended that users who receive similar emails not open any email attachments or links from unknown sources.
Trustwave noted that Microsoft will never push patches to its operating systems via email. Microsoft deploys and installs updates to Windows systems through the built-in Windows Update feature.
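A mail gateway can catch the disguise described above, an attachment named `.jpeg` that is really a .NET executable, by reading the file's header bytes instead of trusting its name. The following is an added example, not Trustwave's or Microsoft's code; the function names, the attachment filenames and the inert header stub are constructed for illustration, and the CLR-header check goes slightly beyond the article to separate .NET executables from other PE files.

```python
import struct
from email.message import EmailMessage

IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif")

def classify(data: bytes) -> str:
    """Identify content from its header bytes, ignoring the filename."""
    if data[:3] == b"\xff\xd8\xff":                  # JPEG start-of-image marker
        return "jpeg"
    if data[:2] != b"MZ" or len(data) < 0x40:        # DOS header of a PE file
        return "unknown"
    pe = struct.unpack_from("<I", data, 0x3C)[0]     # e_lfanew: offset of PE header
    if data[pe:pe + 4] != b"PE\0\0":
        return "unknown"
    opt = pe + 24                                    # optional header follows COFF header
    try:
        magic = struct.unpack_from("<H", data, opt)[0]
        dirs = opt + {0x10B: 96, 0x20B: 112}[magic]  # PE32 / PE32+ data directories
        count = struct.unpack_from("<I", data, dirs - 4)[0]
        clr_rva = struct.unpack_from("<I", data, dirs + 14 * 8)[0]  # entry 14: CLR header
    except (struct.error, KeyError):
        return "pe"                                  # truncated or unusual, still a PE
    return "pe-dotnet" if count > 14 and clr_rva else "pe"

def scan_message(msg: EmailMessage) -> list:  # (filename, kind) of disguised PEs
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        kind = classify(part.get_payload(decode=True) or b"")
        if name.endswith(IMAGE_EXTS) and kind.startswith("pe"):
            hits.append((name, kind))
    return hits

def fake_pe(dotnet: bool) -> bytes:  # constructed, inert header stub (no code)
    buf = bytearray(0x40 + 24 + 96 + 16 * 8)
    buf[0:2], buf[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    opt = 0x40 + 24
    struct.pack_into("<H", buf, opt, 0x10B)
    struct.pack_into("<I", buf, opt + 92, 16)        # NumberOfRvaAndSizes
    struct.pack_into("<I", buf, opt + 96 + 14 * 8, 0x2008 if dotnet else 0)
    return bytes(buf)

def build_sample() -> EmailMessage:  # constructed message with two attachments
    msg = EmailMessage()
    msg.set_content("Please install the latest critical update from Microsoft attached to this email")
    msg.add_attachment(fake_pe(True), maintype="image", subtype="jpeg", filename="update.jpeg")
    msg.add_attachment(b"\xff\xd8\xff\xe0" + bytes(16), maintype="image", subtype="jpeg", filename="photo.jpeg")
    return msg
```

Calling `scan_message(build_sample())` flags only `update.jpeg`; the attachment with a genuine JPEG header passes.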