Spammers hit new Windows 10 users with ransomware

ransomwareSecurity experts are warning Windows fans not to fall for a new spam campaign designed to trick users waiting for the new version of the OS to open an attachment crammed with ransomware.

Cisco’s Talos team claimed in a blog post that the spam run was a typical attempt to ride the coat tail of this popular event in order to get the attention of as many email recipients as possible.

“The fact that users have to virtually wait in line to receive this update, makes them even more likely to fall victim to this campaign,” they stated.

The spammers themselves have taken several steps to make their emails appear to have been sent by Microsoft, including a spoofed “from” address of ‘’ even though the IP address is linked to a machine in Thailand.

The color scheme used throughout the unsolicited message is also very similar to that use by the Windows team, and the attackers have added in both a disclaimer and a message claiming the email has been scanned by anti-virus.

However, they failed to spot several mistakes in the text of the message characters which haven’t parsed properly.

“This could be due to the targeted audience, a demographic using a non-standard character set, or the character set the adversaries were using to craft the email,” Talos claimed.

If a user is tricked into opening the zip attachment to get their copy of ‘Windows 10’ and runs the corresponding executable, they will find their machine made unusable thanks to CTB-Locker.

This crypto-ransomware variant gives users 96 hours to pay a fee or face all of their computer files being lost forever.

It uses elliptical curve encryption which is said to have lower overheads than other types and hosts much of its infrastructure on Tor to avoid detection. Users must make payments in Bitcoins to make tracking even more difficult.

As I have mentioned in previous articles, the threat of ransomware is growing and will continue to grow as long as users give in to the tactics. As a defense, I encourage all users to backup their data in accordance with your companies best practices. Your backups should be stored offline to prevent them from being targeted by attackers.

On August 4, 2015, posted in: Blog, Security by

Tags: ,