The security team at Cisco is warning users not to fall prey to a new spam campaign sent by attackers intending to spread the CTB-Locker ransomware.
The campaign is sent via email and is said to carry a spoofed Microsoft sender address (firstname.lastname@example.org). However, the team says that tracing the IP address showed the message actually originated from Thailand.
At first glance, the email seems legitimate: it displays the familiar blue and white color scheme that Microsoft has been using in marketing materials promoting Windows 10. The message comes with an attached .zip file purported to be the Windows 10 installer. In other words, the sender encourages users to upgrade to Windows 10 and take advantage of the chance to get it for "free."
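A defender-side check for the indicators described above (a display sender claiming Microsoft while the first relay hop is unrelated, plus a .zip "installer" attachment), added here as an example and not taken from Cisco's post. The sample message, the trusted IP range and the claimed microsoft.com domain are constructed placeholders; a real deployment would take the allowed ranges from the claimed domain's SPF record.

```python
import email
import ipaddress
import re
from email import policy
from email.utils import parseaddr

# Constructed sample modelled on the campaign's indicators: a From header
# claiming Microsoft, an unrelated relay hop, and a .zip "installer".
SAMPLE_EMAIL = """\
Received: from mail-relay.example.net (mail-relay.example.net [203.0.113.45])
 by mx.victim.example with ESMTP; Fri, 31 Jul 2015 10:12:33 +0000
From: "Microsoft Update" <update@microsoft.com>
Subject: Your free Windows 10 upgrade is ready
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/plain

Install the attached upgrade to get Windows 10 for free.
--B1
Content-Type: application/zip; name="Win10Installer.zip"
Content-Disposition: attachment; filename="Win10Installer.zip"

UEsDBBQAAAAIAA==
--B1--
"""

# Placeholder allow-list: in practice, the claimed domain's published SPF ranges.
TRUSTED_SENDER_RANGES = {"microsoft.com": [ipaddress.ip_network("198.51.100.0/24")]}
RISKY_ATTACHMENT_SUFFIXES = (".zip", ".exe", ".scr")

def origin_ip(msg):
    """IP of the earliest Received hop (relays prepend, so it is the last header)."""
    for hop in reversed(msg.get_all("Received") or []):
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop)
        if m:
            return ipaddress.ip_address(m.group(1))
    return None

def phishing_indicators(raw):
    """Return human-readable findings for an RFC 5322 message string."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    ip = origin_ip(msg)
    trusted = TRUSTED_SENDER_RANGES.get(claimed)
    if trusted and ip is not None and not any(ip in net for net in trusted):
        findings.append(f"From claims {claimed} but first hop was {ip}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_ATTACHMENT_SUFFIXES):
            findings.append(f"risky attachment {name}")
    return findings
```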
"Microsoft released Windows 10 earlier this week (July 29) and it will be available as a free upgrade to users who are currently using Windows 7 or Windows 8," said Cisco on its blog page. "This threat actor is impersonating Microsoft in an attempt to exploit their user base for monetary gain."
When the user runs the purported Windows 10 installer that comes as the attachment, the PC is infected with the ransomware, which encrypts documents, media files and everything else of value to the user.
The Cisco team added "the functionality is standard, using asymmetric encryption that allows the adversaries to encrypt the user's files without having the decryption key reside on the infected system."
The user then receives a message warning that documents, photos, databases and other important files will be lost. It also sets a supposed 96-hour deadline for the user to pay, after which the files remain permanently encrypted and, according to the message, cannot be recovered by anyone.
"If you pay the attacker in Bitcoin then it's a very smooth funding stream, the money goes directly to paying the [malware] development team," said Craig Williams, security outreach manager of Cisco's Talos team, in a statement to The Register. "That's why we're seeing such a fast development cycle in ransomware."
Cisco advises users to back up their data and store the backups offline to keep them out of attackers' reach. The company adds that the threat of ransomware will most likely continue to grow as long as hackers have a way to monetize the machines they compromise.