Windows 10 upgrade scams kick off with ransomware

Windows users may need to keep an eye out for new scams that prey on the hunger to upgrade.

Windows users eager to get their hands on Windows 10 need to watch out for a scam that may leave their files encrypted until a ransom is paid.

Scammers often ride on major news events to deliver malware and one that apparently also qualifies for the task is the arrival of a free operating system upgrade for hundreds of millions of people.

Microsoft officially released on July 29 but the the only people likely to have received it yet are Microsoft’s Windows Insider testers and PC makers. The vast majority of Windows 7 and Windows 8 users will be waiting for a notification on their desktops to arrive, which could take weeks or longer with Microsoft rolling out the OS in “waves”.

In the meantime, Windows users may need to keep an eye out for new scams that prey on the hunger to upgrade. Just two days Microsoft’s official Windows 10 launch Cisco’s threat research team spotted a spam campaign posing as Microsoft to deliver ransomware.

The emails claim to include an attached Windows 10 installer package in a zip file, which in fact delivers a threat known as CTB-Locker — one variant of ransomware targeting Windows users who, once infected, typically face a choice to cough up dough or lose their files to the attacker.

While the attackers are using the free Windows 10 upgrade to lure victims, Cisco’s researchers note they're like also exploiting the queue for Windows 10.

“The fact that users have to virtually wait in line to receive this update, makes them even more likely to fall victim to this campaign,” Cisco threat researchers noted.

Fortunately, victims will have to download the zip file, extract it and run the executable to become infected, meaning that it won't happen simply by reading the email. There are also tell tale signs the email is a fake, including characters in the message that haven’t parsed properly.

However, Cisco notes that the scammers have gone to some length to make the message appear legitimate, including a sender address presented as, a disclaimer message, and a notice that the message has been scanned for viruses and dangerous content.

Should an eager Windows 10 user fall for the ruse, the malware will present them with a typical ransomware message, which in this case advises that payment is required within 96 hours or else all files will be permanently encrypted.

Microsoft has previously explained it will be rolling out Windows in batches to users around the world, however that message likely won’t have been seen by many users. Following Cisco’s report, Microsoft released a video explaining how users can reserve their copy of Windows 10 and how they will be notified.

That process starts with a Get Windows 10 app that Microsoft has previously rolled out to Windows 7 and 8 users and can be found as a Windows icon at the bottom right hand of the screen. The app will guide users through the reservation process. Rather than expecting an email from Microsoft, users should check their system tray for the notification that the upgrade is ready.

Feeling social? Follow us on Twitter and LinkedIn Now!

Tags cybercrimeciscoscamsCSO AustraliaWindows 10Cisco threat

Show Comments