{"id":903,"date":"2015-08-04T12:39:43","date_gmt":"2015-08-04T16:39:43","guid":{"rendered":"http:\/\/www.ccrepairservices.com\/blog\/?p=903"},"modified":"2015-08-04T12:39:43","modified_gmt":"2015-08-04T16:39:43","slug":"ctb-locker-ransomware-spreading-through-fake-windows-10-update-emails","status":"publish","type":"post","link":"https:\/\/www.ccrepairservices.com\/blog\/computer-news\/ctb-locker-ransomware-spreading-through-fake-windows-10-update-emails\/","title":{"rendered":"CTB-Locker ransomware spreading through fake Windows 10 Update emails"},"content":{"rendered":"<p>With the highly publicized release of Microsoft&#8217;s Windows 10 on July 29th, scammers and malware developers were quick to jump in and use it as a method of distributing malware. Cisco&#8217;s Talos Group has <a class=\"bbc_url\" title=\"External link\" href=\"https:\/\/blogs.cisco.com\/security\/talos\/ctb-locker-win10\" rel=\"nofollow external\">discovered<\/a> an email campaign underway that pretends to be from Microsoft and contains an attachment that will supposedly allow you to upgrade to Windows 10. In reality, though, this email is fake and once you double-click on the attached file, you will instead become infected with the encrypting ransomware <a class=\"bbc_url\" title=\"\" href=\"https:\/\/www.bleepingcomputer.com\/virus-removal\/ctb-locker-ransomware-information\">CTB-Locker<\/a>.<br \/>\n<img decoding=\"async\" class=\"bbc_img\" src=\"https:\/\/blogs.cisco.com\/wp-content\/uploads\/win10_blacked_out.png\" alt=\"win10_blacked_out.png\" \/><br \/>\n<strong class=\"bbc\">Image of fake Windows Update Email courtesy of <a class=\"bbc_url\" title=\"External link\" href=\"https:\/\/blogs.cisco.com\/security\/talos\/ctb-locker-win10\" rel=\"nofollow external\">Cisco<\/a><\/strong><\/p>\n<blockquote><p>As you can see, the email pretends to be from the email address update@microsoft.com and contains the subject <strong class=\"bbc\">Windows 10 Free Update<\/strong>. 
Even the email message looks legitimate with no spelling mistakes or strange grammar. This is because the content is copied directly from <a class=\"bbc_url\" title=\"External link\" href=\"https:\/\/www.microsoft.com\/en-us\/windows\/windows-10-upgrade\" rel=\"nofollow external\">Microsoft&#8217;s site<\/a>. The only tell-tale sign is that there will be some characters that do not render properly. Unfortunately, this small sign will not be enough for many people to notice.<\/blockquote>\n<p>Furthermore, once they download the attachment and extract it, the attached Win10Installer.exe icon will be the familiar Windows 10 logo.<\/p>\n<p>It isn&#8217;t until you inspect the file properties of the attachment that you see something is not right: its file description will be iMacros Web Automation and the copyright for the program will belong to Ipswitch. Ipswitch is a legitimate company and not the ones who released this malware.<\/p>\n<p>Finally, if a user double-clicks on the Win10Installer.exe file, they will not be greeted with the normal Windows 10 upgrade screen. Instead, after a brief delay they will be shown the screen for the CTB-Locker ransomware.<\/p>\n<figure  class=\"wp-caption alignnone\"  ><img loading=\"lazy\" decoding=\"async\" class=\"\" src=\"https:\/\/blogs.mcafee.com\/wp-content\/uploads\/CTBLocker.jpg\" alt=\"CTB-Locker Computer Virus removal and data file recovery service. Local and Online service. Fort Lauderdale, Miami, Boca Raton and all South Florida\" width=\"930\" height=\"641\" \/><figcaption  class=\"wp-caption-text\">CTB-Locker Computer Virus removal and data file recovery service. Local and Online service. 
Fort Lauderdale, Miami, Boca Raton and all South Florida<\/figcaption><\/figure>\n<p>At this point, the computer&#8217;s data will be encrypted and there is not much that can be done about it.<\/p>\n<p>&nbsp;<\/p>\n<h2 style=\"text-align: center;\"><span style=\"color: #00ff00;\">IF INFECTED Visit Our <a href=\"https:\/\/ccrepairservices.com\">Main Site OR call 754-234-5598<\/a><\/span><\/h2>\n<h1 style=\"text-align: center;\"><span style=\"color: #ff6600;\"> for latest computer repair and online news.<\/span><\/h1>\n<h2 style=\"text-align: center;\"><span style=\"color: #993300;\">Local and Online Virus removal and computer repairs anytime, anywhere<\/span><\/h2>\n","protected":false},"excerpt":{"rendered":"<p>With the highly publicized release of Microsoft&#8217;s Windows 10 on July 29th, scammers and malware developers were quick to jump in and use it as a method of distributing malware. Cisco&#8217;s Talos Group has discovered an email campaign underway that pretends to be from Microsoft and contains an attachment that will supposedly allow you to upgrade to Windows 10. In reality, though, this email is fake and once you double-click on the attached file, you will instead become infected with the encrypting ransomware CTB-Locker. Image of fake Windows Update Email courtesy of Cisco As you can see, the email pretends to be from the email address update@microsoft.com and contains the subject Windows 10 Free Update. Even the email message looks legitimate with no spelling mistakes or strange grammar. This is because the content is copied directly from Microsoft&#8217;s site. The only tell-tale sign is that there will be some characters that do not render properly. Unfortunately, this small sign will not be enough for many people to notice. Furthermore, once they download the attachment and extract it, the attached Win10Installer.exe icon will be the familiar Windows 10 logo. 
It isn&#8217;t until you inspect the file properties of the attachment, do [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,15,4],"tags":[96,1209,1228,1333,120,1326,833,1327,1330,1301,1334,1335,1325,1329,32,221,20,416,1331,156,33,1086,10,1309,362,330,35,1328,392,158,1319,405,44,474,152,1332,841,7],"class_list":["post-903","post","type-post","status-publish","format-standard","hentry","category-computer-news","category-computer-repair-bulletin","category-virus-and-malware-threats","tag-antivirus","tag-ccrs","tag-complete-computer-repair","tag-computer-technician","tag-computer-virus","tag-cryptolocker","tag-cryptowall","tag-ctb-locker","tag-data","tag-decrypter","tag-encrypted","tag-encrypted-files","tag-encrypter","tag-files","tag-fort-lauderdale","tag-laptop","tag-laptop-repair","tag-local","tag-loss","tag-malware","tag-miami","tag-new","tag-new-virus","tag-on-line","tag-online","tag-pc","tag-pc-repair","tag-recover","tag-recovery","tag-removal","tag-remove","tag-repairs","tag-rootkit","tag-south-florida","tag-spyware","tag-te-hnician","tag-variant","tag-virus"],"_links":{"self":[{"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/posts\/903","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/comments?post=903"}],"version-history":[{"count":3,"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/posts\/903\/revisions"}],"predecessor-version":[{"id":906,"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/post
s\/903\/revisions\/906"}],"wp:attachment":[{"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/media?parent=903"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/categories?post=903"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/tags?post=903"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}