Emails promising to offer a free upgrade to Windows 10 from ‘Microsoft’, in a similar blue colour to the one Microsoft uses but with weird ‘A’ symbols in the body of the text are fake.
Coming from Thailand, the emails seem to have copied and pasted text from Microsoft’s site about the benefits of Windows 10.
However the weird ‘A’ symbols in the email are a dead giveaway that something is wrong, as is the fact the email comes with a .zip attachment called ‘Win10Installer.zip’.
However some people seem to be ignoring this and are getting comfort from the fake assertion in the text of the email that the email has been scanned by malware scanners and proclaimed safe.
However, once you open the attachment - you’ll see the message in the image above - that ‘your personal files are encrypted by CTB-Locker’.
The message states ‘Your documents, photos, databases and other important files have been encrypted with stronger encryption and unique key, generated for this computer’.
The threat continues, stating: ‘Private decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the private key’.
You are given 96 hours to pay up, otherwise you receive the threat that your files ‘will be permanently crypted (sic) and no one will be able to recover them.’
A ransom of hundreds of dollars which must first be converted to bitcoin is normally requested as the ransom to release your files back to their pre-encrypted state.
The news comes via Cisco, which is warning the world via its blog that ‘the ransomware is being delivered to users at a high rate.’
A video of the malware at work, courtesy of Cisco, can be seen here in this YouTube video:
The best defence against ransomware is to make multiple online and offline backups, so that even if some backups to hard disks connected to your computer doing continual backups are also encrypted, you have unencrypted, safe backups that you can recover from.
You also need to be hyper-aware of attachments from unknown and untrusted sources - even if they appear to come from friends or people you know.
These details can be faked and it can be safest to not open any attachment you aren’t expecting - and even then, think twice!
Naturally you should run up-to-date Internet security software, but sadly this is not a guarantee that you’ll be protected from ransomware.
Ransomware and viruses can also be downloaded from untrusted sources on the Internet or via sites delivering pirate media and software, so again, you need to be very careful about what you download from where.
Really, the best defence is multiple online and offline backups as well as hyper vigilance over email attachments - anything purporting to come from a government department for a fine, or for taxes, or for free Windows 10 upgrades or anything else should definitely be placed under suspicion.
If in doubt, don’t open any attachments you’re unsure of, don’t download anything you shouldn’t be downloading, and backup, backup and backup again, in online and offline forms!
Finally, iTWire Editor Stan Beer wrote an article yesterday about Melbourne-based IDO Lab and Cryptoinsure which can help SMEs and small businesses to protect and insure themselves against malware attack.