Cisco's Talos Security Intelligence and Research Group has identified a ransomware campaign that targets Windows 10 users, just two days after the official release of Microsoft's new operating system.
As with most Ransomware campaigns, attackers resort to various tricks and often take advantage of current events to force users to download malicious files to their computers.
Within two days, Windows 10 has already been installed on more than 67 million computers, and total installations are expected to soar in the near future, according to company estimates. This makes Windows 10 the dominant theme for ransomware campaigns, with Cisco's Talos team already identifying one of them:
Using an IP address assigned to Thailand, attackers distribute specially crafted emails to unsuspecting users, prompting them to install the new Microsoft operating system.
These messages contain a ZIP attachment, which contains an executable file that leads to the installation of the well-known Ransomware, CTB-Locker.
If the user's antivirus does not detect the malware, the user is locked out of the computer and the following message appears:
According to the Cisco team, "Ransomware uses asymmetric encryption that allows attackers to encrypt user files without the need for a decryption key on the infected system."
Users have only four days to pay the requested “ransom” to decrypt their files, a much shorter window than in other contemporary ransomware campaigns.
In addition, by using the Tor anonymity network and digital currencies for ransom payments, the attackers are able to maintain their anonymity and quickly take advantage of ransomware campaigns with minimal risk.
The Cisco team recommends that users back up their computers on a regular basis and store those backups offline.