Trustwave found an active malicious campaign that tricks people with alarming update emails that claim to come from Microsoft. The emails are malicious and infect the user’s system with the Cyborg ransomware. Users receive an email titled “Install Latest Microsoft Windows Update now!” or “Critical Microsoft Windows Update!”. A genuine update would never arrive this way, because Microsoft releases Windows updates only through its operating system. The malicious mail carries the fake update as an attachment with a “.jpg” file extension that is, in fact, an executable file. The file is a malicious .NET downloader that the hackers have developed to bring malware to the infected system.
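The mismatch described above, an attachment named like an image whose content is a Windows executable, can be checked at the mail gateway. The following Python sketch is an added example, not Trustwave's tooling; the sample message, the file names and the inert PE stub in it are constructed for illustration.

```python
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage

IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif")
LURE_SUBJECTS = (  # the two subjects quoted in the article
    "install latest microsoft windows update now!",
    "critical microsoft windows update!",
)

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def scan_message(raw: bytes) -> list[dict]:
    """One finding per attachment that is named like an image but is a PE file."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").strip().lower()
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if name.lower().endswith(IMAGE_EXTS) and is_pe(payload):
            findings.append({"filename": name, "reason": "image extension, PE content",
                             "known_lure_subject": subject in LURE_SUBJECTS})
    return findings

def build_sample(payload: bytes, filename: str) -> bytes:
    """Constructed test e-mail (hypothetical sender), not a captured message."""
    m = EmailMessage()
    m["From"] = "updates@example.test"
    m["Subject"] = "Critical Microsoft Windows Update!"
    m.set_content("Please install the attached update.")
    m.add_attachment(payload, maintype="image", subtype="jpeg", filename=filename)
    return m.as_bytes()

# Constructed payloads: an inert PE stub (headers only) and plain JPEG magic bytes
FAKE_PE = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 20
REAL_JPEG = b"\xff\xd8\xff\xe0" + b"\0" * 64

if __name__ == "__main__":
    print(scan_message(build_sample(FAKE_PE, "update.jpg")))   # one finding
    print(scan_message(build_sample(REAL_JPEG, "photo.jpg")))  # no findings
```

The check keys on file content rather than on the subject line, so it still fires if the campaign changes its wording; the subject match is reported only as supporting context.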
What You Need to Know About Cyborg Ransomware
The executable fetches a file, “bitcoingenerator.exe”, from a GitHub account named misterbtc2020. Cyborg ransomware is also .NET-based malware; once activated, it encrypts all of the data on the infected user’s system and renames the files with its own file extension, 777. Users will then notice a ransom note, “Cyborg_DECRYPT.txt,” on their desktop. Finally, the ransomware leaves a copy of itself, named “bot.exe”, at the root of the infected drive.
Trustwave researchers tried to better understand the variants of the Cyborg ransomware by taking the original filename of the sample they had obtained and searching for it on VirusTotal. There they identified three other samples of this ransomware and found that a builder for it is available online. Moreover, researchers discovered a GitHub account named Cyborg-Ransomware that hosted a repository with the ransomware builder binaries. Diana Lopera, a Trustwave researcher, detailed the problems Cyborg ransomware brings. She said, “The Cyborg Ransomware can be created and spread by anyone who gets hold of the builder. Attackers can craft this ransomware to use a known ransomware file extension to mislead the infected user from the identity of this ransomware.”
Users are advised to choose the right antivirus software to avoid getting their device attacked.