Cybercriminals are leveraging a fake Microsoft Windows update to execute Cyborg ransomware attacks, according to Trustwave, a Top 200 MSSP for 2019.With the Cyborg attacks, cybercriminals are sending malicious emails claiming to be from Microsoft.
Each fake Windows update email contains one sentence in the body that redirects the recipient to an attachment marked as the "latest critical update," Trustwave noted. The fake update attachment is an executable file, and it consists of a malicious .NET downloader that delivers Cyborg to an infected system.
Once an email recipient downloads the fake Windows update attachment, Cyborg encrypts his or her files, Trustwave indicated. Next, a ransom note is left on an infected machine's desktop, and Cyborg leaves a copy of itself hidden on the infected drive.
Introducing MedusaLocker Ransomware
The discovery of a fake Windows update to launch Cyborg ransomware attacks comes after MalwareHunterTeam earlier this year identified MedusaLocker ransomware attacks on Windows devices. Like Cyborg, MedusaLocker encrypts files on Windows users' computers and demands a ransom.
MedusaLocker conducts startup routines and ensures that Windows networks are running and mapped network drives are accessible, Bleeping Computer reported. It then identifies and stops security program processes and closes all data files and makes them available for encryption.
Also, MedusaLocker removes Shadow Volume Copies so that they cannot be used to restore files, eliminates backups made with Windows backup and deactivates Windows automatic startup repair. It next creates a ransom note that is placed in each folder that contains encrypted files.