'Windows Update' by Email is Actually Ransomware

John Lister's picture

A bogus "Windows Update" distributed by email is, perhaps unsurprisingly, actually ransomware. It shouldn't fool most users, but it makes this a good time to remind less tech-savvy PC owners of the need to take necessary precautions.

The unsolicited emails have a subject line of either "Critical Microsoft Windows Update!" or "Install Latest Microsoft Windows Update now!" Those who open the email will then see a message that says (complete with opening typo) "PLease install the latest critical update from Microsoft attached to this email." (Source: trustwave.com)

$500 Ransom Demand

It seems a safe bet the scammers are deliberately trying to weed out the least tech-confident Windows users as easy marks.

The hope is that users will open the attachment that supposedly delivers the update. Despite posing as a jpg file (possibly to evade unsophisticated security software), it's actually a Trojan, which then downloads and installs ransomware from a remote server.

Once installed, the ransomware encrypts all files except for a text file that appears as a ransom note on the desktop, which asks for the equivalent of $500 USD to regain access to the files. It's not clear yet whether paying up has any effect.

One major limitation to the scam is that the payment must be made in bitcoin, which is usually not easy to set up initially. It's tough to imagine there being too many people who think Windows Updates could come by email, but know how to pay in cryptocurrency.

Ransomware On The Up

The scam comes in the same week a security company reported ransomware was both the biggest and fastest growing security threat, with reported cases up by 74.2 percent on last year. That appears to be mainly because of two factors. (Source: zdnet.com)

Firstly, ransomware "kits" are readily available, which makes it among the most viable methods for attackers who don't have the highest level of tech ability themselves. Secondly, it's a method that's particularly attractive to criminals motivated by quick cash rather than causing disruption or trying to access confidential data.

What's Your Opinion?

Are you surprised ransomware creators use such simple tactics? Do you have any sympathy for people who fall for such basic scams? How do you make sure less experienced friends and relatives know how to avoid such malware?



Dennis Faas's picture

It is for this reason alone that Bitcoin and other unregulated cryptocurrencies should be banned. It is nothing but a currency haven for cybercriminals. I refuse to make any payments in Bitcoin, nor support any websites that use Bitcoin exclusively.