1.    03 Sep 2015 #1

    Ransomware disguised as Win 10 update

    Thought i would post this here but maybe the "news" section would benefit , if this is old news my apologies but it's scary.

    Beware! That Windows 10 update message could be ransomware in disguise

    A new virus is on the loose and it’s targeting users waiting for their Windows 10 update. A variant of CTB (Curve-Tor-Bitcoin) Locker is currently being downloaded on to Windows 7 and 8 users at alarming rates. If you are waiting for your Windows 10 upgrade, please read the details below and proceed with caution when downloading anything from an email attachment.
    It starts with an email

    This new threat actor has a clever way of making its way onto your system. Since many people are eagerly awaiting their Windows 10 update, scammers developed a convincing email campaign to lure people into downloading their ransomware.
    A screen shot of the offending email. Source: Cisco Blogs

    As you can see, the email has the appropriate color scheme as well as a believable email address: update@microsoft.com. The scammers have even gone so far as to include a little note at the end that may give the recipient a false sense of security:
    Don’t be fooled! This email is NOT safe. Source: Cisco Blogs

    And then they demand you pay up

    Once an unsuspecting victim downloads the false update to their computer and runs it, they’ll see this message:
    The CTB-Locker message. Source: Emsisoft

    The victim will find that their files have been encrypted and will not open properly, and like most ransomware variants, the decryption key will not reside on the infected system. The user allegedly has 96 hours before the decryption code is destroyed and the only way to get a hold of it before then is to pay an outrageous $200 USD.
    Early detection is key

    As eager as you may be for the latest Windows 10 update, please be aware that so many cyber criminals are waiting to take advantage of you! Be wary of emails with typos, strange characters, and in the case of the phishing email above, an IP address from an unexpected part of the world (in this case, Thailand).

      My System SpecsSystem Spec

  2.    03 Sep 2015 #2
    Join Date : Jul 2015
    Posts : 1,581
    Windows 10 Pro x64 RS 10586.586

    Thanks for your Post!

      My System SpecsSystem Spec

  3.    03 Sep 2015 #3

    Quote Originally Posted by Cluster Head View Post
    Thanks for your Post!

    Your welcome but i think i should of held off , seems like it's old news and i should of posted in the Win 7 forums forum , thats probably where it would be relevant, if at all .

    If "brink" doesn't think it's relevant here i hope he deletes it , i should have researched further .
      My System SpecsSystem Spec

  4.    04 Sep 2015 #4
    Join Date : Aug 2015
    Posts : 80
    Windows 10 64bit

    Actually I don't read the Win 7 forum. I am happy you posted it here. I have passed this info on to friends and family that still use Win 7.
      My System SpecsSystem Spec

  5.    05 Sep 2015 #5
    Join Date : Jun 2015
    Posts : 10,446
    Windows 10 Pro / Windows 10 TP / Windows 8.1 Pro / Windows 7 Pro

    This is indeed pretty old news, but it is always good to post it for those who aren't aware of this
      My System SpecsSystem Spec


Similar Threads
Thread Forum
Windows Update Issues - Auto Driver Update & Update Freezes
First issue is that I need to use a specific older driver for my AMD graphics card and windows 10 continues to update the driver automatically and causes my system to crash. I've gone through {Control Panel-Devices & printers}, selected my machine,...
Drivers and Hardware
New Ransomware attack
Only 5 days out and Win10 being screwed with. This link was in an E-Mail today: New Windows 10 scam will encrypt your files for ransom | ZDNet
AntiVirus, Firewalls and System Security
10240 latest update - longer to download than ENTIRE update from 10162
Hi there I have a decent FAST internet -- but latest update (only a security update) seems to be taking LONGER than the ENTIRE update I did going from 10162 to 10240. 15 mins and STILL only at 6% ??? for a small security update. I know my...
Installation and Setup
CoinVault ransomware? New free tool may decrypt them
Files encrypted by CoinVault ransomware? New free tool may decrypt them | PCWorld
AntiVirus, Firewalls and System Security
ALERT!: New ransomware allows one user file 'free' decrypt
New ransomware allows one user file 'free' decrypt By Dimitri Reijerman , Sunday, November 16, 2014 14:26 , comments: 201 , Views: 31,371 • Feedback Security firms Webroot has a new ransomware-variant found that the user after encrypting the...
AntiVirus, Firewalls and System Security
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 16:07.
Find Us
Twitter Facebook Google+

Windows 10 Forums