Criminals are sending spam e-mails that appear to come from Microsoft but actually contain a malicious link to the CTB-Locker ransomware.
Anyone who receives an e-mail invitation to a free upgrade to Windows 10 should check carefully whether the message really is from Microsoft. There is a realistic chance that it is spam from ransomware makers.
The mail contains a 743 KB attachment that looks like a Windows 10 installer. Because the malicious software encrypts their files, victims are given a few days to pay a ransom in Bitcoin.
The mail appears to come from firstname.lastname@example.org but actually comes from an IP address in Thailand. The first versions of the e-mails contain noticeable typos.
What is remarkable about this ransomware is that it really does seem to release some files to its victims if they have paid.
It does this by showing a complete list of the hostage files and decrypting five of them for free on request.
In addition, the ransomware does not seem only to take files hostage but also searches for useful confidential data.
If cybercriminals get the chance to install malicious software on your computer, it remains under the scammers' control.
Criminals abuse the launch of Windows 10
Even after payment, the risk remains that the data will stay encrypted for good. Microsoft therefore urgently asks all citizens not to respond to these e-mails. Microsoft will roll out the upgrade automatically through Windows Update.
How do you recognize the malicious mail?
- It is usually sent from ‘email@example.com’.
- This creates trust at first sight, but a closer look at the header shows that it comes from a Thai IP address.
- The colors of the mail match the Windows 10 color scheme, including a blue background.
- The mail is written in English. However, some characters are incorrect.
- At the bottom it states that the content has been scanned by an antivirus scanner. According to the text, no viruses were found. The message links to an existing open-source e-mail filter, which has misled many people.
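The header check from the list above, as an added example that is not part of the original report: it reads the connecting IP from the Received line stamped by the recipient's own mail server, because the hops below it are written by the sender and can be forged. The host names, the country table, the attachment name and the expected-country list are constructed assumptions.

```python
import ipaddress
import re
from email.message import EmailMessage

# Constructed stand-in for a GeoIP database; the ranges are RFC 5737
# documentation networks, not real allocations.
GEO = {"203.0.113.0/24": "TH", "198.51.100.0/24": "US"}
BOUNDARY_MTA = "mx.recipient.example"   # hypothetical: your own inbound MX
RISKY_EXT = (".exe", ".scr", ".zip")    # assumed policy, not from the report
HOP = re.compile(r"from .*?\[?(\d{1,3}(?:\.\d{1,3}){3})\]?.*?\bby\s+([^\s;]+)", re.S)

def connecting_ip(msg, boundary=BOUNDARY_MTA):
    """IP recorded by our own MX; any hop below it is sender-controlled."""
    for hop in msg.get_all("Received", []):
        m = HOP.search(hop)
        if m and m.group(2) == boundary:
            return ipaddress.ip_address(m.group(1))
    return None

def country_of(ip):
    for cidr, cc in GEO.items():
        if ip in ipaddress.ip_network(cidr):
            return cc
    return "??"

def triage(msg, expected_countries=("US",)):
    findings = []
    ip = connecting_ip(msg)
    if ip is None:
        findings.append("no Received header from our own MX")
    elif country_of(ip) not in expected_countries:
        findings.append(f"connecting IP {ip} is in {country_of(ip)}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"risky attachment {name} ({len(part.get_content())} bytes)")
    return findings

def sample_message():
    """Constructed message modelled on the description above (not a capture)."""
    msg = EmailMessage()
    msg["Received"] = "from pc ([203.0.113.45]) by mx.recipient.example; Mon, 1 Jan 2001 00:00:02 +0000"
    # Forged lower hop: claims a US relay, but our MX never saw it.
    msg["Received"] = "from mail.vendor.example ([198.51.100.7]) by pc; Mon, 1 Jan 2001 00:00:00 +0000"
    msg["From"] = "Microsoft <update@vendor.example>"
    msg.set_content("Your free upgrade is attached.")
    msg.add_attachment(b"\0" * 743 * 1024, maintype="application",
                       subtype="octet-stream", filename="Installer.zip")
    return msg
```

Calling `triage(sample_message())` reports the Thai connecting address and the attachment, while a parser that trusted the bottom-most Received line would have reported the forged US relay.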