Windows 10 Update Brings New Opportunity for Ransomware

By Steve Anderson August 07, 2015

The Windows 10 upgrade has prompted plenty of reaction from the computing community, with some eager to switch and others prepared to wait as long as possible before being forced to do so. But the waiting crowd has one more reason to hold up for its wait: a spike in ransomware incidents around the new software.

Cisco's security research arm, known as the Talos Group, spotted a spam operation late last week and started putting the word out about its existence. It operates in fairly standard fashion; it sends out fake emails disguised as being Microsoft-based, advertising the free upgrade. But once users download the attached zipped file, then extract and execute said file, that's when the horror show starts. The file contains the means to infect a system with CTB-Locker, an asymmetric encryption system that allows files to be encrypted, but without the decryption key being placed on the system in question.

Image via Symantec

Once successfully in place, the system then begins behaving like standard ransomware, demanding a Bitcoin-based payment and transfer of encryption keys through the TOR system. Given the distributed nature of Windows 10 upgrades, it would be comparatively easy to get at least some to believe that the fake message is actually from Microsoft and that it's just the user's turn to upgrade. Talos recommends that users make it routine practice to back up data to offline facilities, and also upgrade anti-malware programs as available, when available.

Image via Shutterstock

As Talos noted here, this is perhaps the biggest problem: the way the Windows 10 updates were set up makes it pretty much an inevitability that something like this would step in. Users are, as Talos put it, having to “...virtually wait in line to receive this update,” and that makes a great opportunity for ransomware users to step in and tell people at random “your turn is ready.” Then when users go to make the download, suddenly there's the ransomware waiting to strike and brick a perfectly good computer. This might have been a good time for Microsoft to actually go back to discs; filing a user's name and mailing address with Microsoft—which is some of the least dangerous personal information to file with a company; good luck running up false credit card charges with information that can easily be taken from any phone book and nothing else—and then having Microsoft mail out a single DVD (reports suggest the Windows 10 download is about three gigabytes, so a DVD should cover it) to run the installation would take the ransomware out of the equation.

Of course, Talos' other advice also works well here; keep files backed up in offline storage and keep the antiviral and antimalware tools up to date, so that malware has the least chance of getting through and doing comparatively little damage if it does. If ransomware no longer yields payments, it will likely stop being used. It's easy to say that Microsoft may not have had the best idea in distributing its updates, but a better response is to put blame squarely where it belongs: with those who employ ransomware in the first place.




Edited by Dominick Sorrentino

Contributing TechZone360 Writer

SHARE THIS ARTICLE
Related Articles

6 Challenges of 5G, and the 9 Pillars of Assurance Strategy

By: Special Guest    9/17/2018

To make 5G possible, everything will change. The 5G network will involve new antennas and chipsets, new architectures, new KPIs, new vendors, cloud di…

Read More

Putting the Flow into Workflow, Paessler and Briefery Help Businesses Operate Better

By: Cynthia S. Artin    9/14/2018

The digital transformation of business is generating a lot of value, through more automation, more intelligence, and ultimately more efficiency.

Read More

From Mainframe to Open Frameworks, Linux Foundation Fuels Up with Rocket Software

By: Special Guest    9/6/2018

Last week, at the Open Source Summit, hosted by The Linux Foundation, the Open Mainframe Project gave birth to Zowe, introduced a new open source soft…

Read More

Unified Office Takes a Trip to the Dentist Office

By: Cynthia S. Artin    9/6/2018

Not many of us love going to see the dentist, and one company working across unified voice, productivity and even IoT systems is out to make the exper…

Read More

AIOps Outfit Moogsoft Launches Observe

By: Paula Bernier    8/30/2018

Moogsoft Observe advances the capabilities of AIOps to help IT teams better manage their services and applications in the face of a massive proliferat…

Read More