The free upgrade to Windows 10 has been available for a week and hackers have already found a way to exploit the occasion to their advantage. A number of spam and phishing emails have surfaced over the past week, one of the most notable of which is a particularly serious threat in the form of a spam campaign that aims to deceive users of Microsoft products and drop ransomware on their computers.
It was a team of researchers at Cisco TALOS who brought the threat to the attention of computer users. In a press release this week, they claim to have spotted spam, sent from a Thai email address, that spoofed a recent Microsoft update and carried an archived email attachment.
Anyone who downloaded and executed the files contained inside the zip archive was subsequently hit by CTB-Locker ransomware, a particularly malicious form of ransomware used in countless attacks.
CTB-Locker ransomware behaves in a similar fashion to most strains of crypto-ransomware; it spreads to users’ computers via email, exploits drive-by downloads, encrypts users’ documents stored on the computer, and then demands a ransom, traditionally paid in the Bitcoin online currency, in exchange for the encryption key.
One of the trademarks of the recent CTB-Locker ransomware attacks is their unusually short ransom times compared to previous attacks. Whereas most attacks using this form of ransomware give their victims a broad window in which to pay the ransom, the recent attacks have only given users a 96-hour window in which to pay.