Windows 10 is now released and people are installing it on their PCs in huge numbers. According to the media reports, more than 67 million people have installed Windows 10 on their PCs. For those who were left behind in the upgrade process, Microsoft even decided to help them out with Windows 10 media creation tool. Unfortunately, scammers are taking the advantage of the desperation of Windows users- that has resulted in a newly reported Windows 10 ransomware scam.
How does this Windows 10 Ransomware target users?
According to the Cisco’s security team, they have found a new scamming campaign that spreads CTB-Locker ransomware. This trouble comes in the form of a fake Microsoft email, telling Windows users that their Windows 10download is ready.
These messages in Windows 10 ransomware scam mimic the emails sent by Microsoft, along with some text mistakes and changes. However, scammers have managed to spoof the address of origin as firstname.lastname@example.org. To make the messages look more authentic, attackers are using the same color scheme used by Microsoft to fool the users. Thus, these emails look more legitimate.
The mail is also coupled with a Microsoft disclaimer and a message that files are virus-free. The origin of these emails has been traced back to Thailand.
What will happen if you run the CTB-Locker file?
Falling into this Windows 10 Ransomware trap, users download the .zip attachment. After extracting the files and run the executable program, your computer will be immediately locked by CTB-Locker ransomware. This ransomware tells the users to submit the payment within 96 hours, and failing to do so will result in the permanent encryption of PC files.
CTB-Locker uses elliptical curve encryption which provides same private/public key encryption with a different kind of algorithm. This new algorithm results in lower overhead and same security at a smaller key space.
Cisco’s security blog has written that this Windows 10 ransomware threat will increase until the attackers find new ways to monetize the compromised PCs. It advises the users to store their data as an offline backup. This Windows 10 ransomware phishing attack shows that such launches and events are targeted to trap users.