Chicago based Information Security company named Trustwave has discovered a new cyber threat campaign in disguise of Microsoft Update. The Illinois based Cybersecurity company’s team of experts from its subsidiary SpiderLabs have found that an email campaign in the name of Microsoft is doing round from the past few weeks which is actually a phishing campaign spreading Cyborg Ransomware.
Researchers say that hackers are targeting email boxes of several users from the west with subject lines ‘Install latest Microsoft Update Now! Or Critical Microsoft Windows Update!’
In reality, the email is a malicious campaign that is being circulated in disguise of a Windows update pushed out by the technology company to keep the operating system secure from cyber attacks.
As the email contains malicious links, users are pointed to an executable file actually meant for a malicious.NET download that is designed to deliver ‘Cyborg Ransomware’ from an infected server.
Once activated Cyborg encrypts all the files on the system and offers a ransom pop up demanding a huge sum in Cryptocurrency.
Security researchers from Spiderlabs have discovered that the ransomware is being spread from a server hosted on the Russian server and link available on a GitHub repository.
Diana Lopera from Trustwave says that Cyborg Ransomware is pretty dangerous as it has the ability to evade email gateways with ease and can be used for spam campaigns.
More details are awaited!
Note 1- SpiderLabs is an advanced security services rendering research team that was developed by Trustwave’s security researcher Nicholas J Percoco and is now a business unit of the latter. Web app based firewall, ModSecurity, Pen tests, forensic investigation, and security research are the services offered by SpiderLabs which is also entrusted with a job of releasing Trustwave Global Security Report on an annual note.
Note 2- FYI, Microsoft never delivers its security updates via email and so it is better to avoid such emails with subject-lines saying “Microsoft Update and such”.