Ransom Viruses made to look like legitimate applications!

Ransomware viruses (also known as ransomware) is one of the fastest growing classes of malicious software. A few years ago they were simply just screen blockers such as the FBI virus fast forward to today and we have ransom viruses like Cryptolocker, Cryptodefense and Cryptowall.

 

What’s changed over the past few years?

In the beginning we viruses such as the FBI virus we simply saw a screen lock. A screen lock is when you boot up your computer you see the virus and it takes control of the machine. It does so by allowing you to do nothing except power down the machine and boot up to the same locked screen again. This cycle quickly makes people desperate and they hope to gain access back to their computer by paying the ransom with a western union or green dot card payment. Today, we are seeing more complex and smarter versions of these viruses such as cryptowall. Cryptowall encrypts your data (ex. Photos, word docs, excel docs, some databases, etc.) and then demands ransom in the form of bit coins to get the decryption file to decrypt all of your data and get it back. You can see a more detailed post on Cryptowall here.

 

Ransom Virus Disguised as Windows 10 UpdateRansom Viruses

Ransom viruses are currently being disguised as Windows 10 updates coming from the email address update@microsoft.com with a subject line such as Windows 10 Free Update. At first glance this appears to be an innocent Windows 10 update but in reality it’s a ransom virus. The virus comes disguised in the Windows 10 downloadable update file from the email. While the user thinks they are updating to Windows 10 for free they are really installing the ransom virus which then begins encrypting the user’s data. Be very wary of such e-mails as Windows 10 truly is allowing free upgrades for Windows 7 and 8 users but only through the Microsoft update feature built into your Windows operating system. (you may have seen the icon on your task bar)

 

What to do about ransom viruses?

Keep your anti-virus program and definitions up-to-date. Don’t open any e-mails from anyone you don’t know and if you do then certainly don’t download any attachments from that e-mail. Additionally, you can setup your anti-spam/email filter to filter out the email address update@microsoft.com or e-mails with the subject line Windows 10 Free Update. While these methods will help they aren’t fool proof. We recommend Malwarebyte Pro or Business Edition to protect against or remove such ransom threats.

Looking for help protecting against ransom viruses or just general anti-virus protection? Contact Us!