Windows 10 upgrade scams kick off with ransomware

Windows users may need to keep an eye out for new scams that prey on the hunger to upgrade.

Windows users eager to get their hands on Windows 10 need to watch out for a scam that may leave their files encrypted until a ransom is paid.

Scammers often ride on major news events to deliver malware, and the arrival of a free operating system upgrade for hundreds of millions of people apparently qualifies for the task.

Microsoft officially released Windows 10 on July 29, but the only people likely to have received it yet are Microsoft’s Windows Insider testers and PC makers. The vast majority of Windows 7 and Windows 8 users will be waiting for a notification on their desktops to arrive, which could take weeks or longer with Microsoft rolling out the OS in “waves”.

In the meantime, Windows users may need to keep an eye out for new scams that prey on the hunger to upgrade. Just two days after Microsoft’s official Windows 10 launch, Cisco’s threat research team spotted a spam campaign posing as Microsoft to deliver ransomware.

The emails claim to include an attached Windows 10 installer package in a zip file, which in fact delivers a threat known as CTB-Locker — one variant of ransomware targeting Windows users who, once infected, typically face a choice to cough up dough or lose their files to the attacker.

While the attackers are using the free Windows 10 upgrade to lure victims, Cisco’s researchers note they're likely also exploiting the queue for Windows 10.

“The fact that users have to virtually wait in line to receive this update, makes them even more likely to fall victim to this campaign,” Cisco threat researchers noted.

Fortunately, victims will have to download the zip file, extract it and run the executable to become infected, meaning that it won't happen simply by reading the email. There are also telltale signs the email is a fake, including characters in the message that haven’t parsed properly.

However, Cisco notes that the scammers have gone to some length to make the message appear legitimate, including a sender address presented as, a disclaimer message, and a notice that the message has been scanned for viruses and dangerous content.


Should an eager Windows 10 user fall for the ruse, the malware will present them with a typical ransomware message, which in this case advises that payment is required within 96 hours or else all files will be permanently encrypted.

Microsoft has previously explained it will be rolling out Windows in batches to users around the world; however, that message likely won’t have been seen by many users. Following Cisco’s report, Microsoft released a video explaining how users can reserve their copy of Windows 10 and how they will be notified.

That process starts with a Get Windows 10 app that Microsoft has previously rolled out to Windows 7 and 8 users and can be found as a Windows icon at the bottom right hand of the screen. The app will guide users through the reservation process. Rather than expecting an email from Microsoft, users should check their system tray for the notification that the upgrade is ready.

Stories by Liam Tung