Cyborg ransomware posing as a Windows 10 update recently attacked some users, encrypting the victims' files in the process. The ransomware was hidden in an email sent out to users.

It is important to remember that legitimate updates from Microsoft are always pushed and released through the device's operating system itself, and are never delivered via an email with a suspicious attachment.

Security firm Trustwave looked deeper into the ransomware infection case and discovered the source of the executable file, as they detailed in their blog post.

The attack starts once the unsuspecting victim clicks on the attachment, which appears to be a JPEG file but is not an image at all. It is a masked executable program that downloads a file named “bitcoingenerator.exe” from a GitHub account traced back to the username misterbtc2020. This ransomware is more commonly called Cyborg ransomware.

The executable file then infects the computer and encrypts ALL of the files on it. It also renames every file on the computer with a new file extension, “777.” Afterward, a ransom note with the filename “Cyborg_DECRYPT.txt” is left on the desktop, containing a message to the victim announcing the terms of the ransomware and a “promise” to have all files decrypted in exchange for $500 sent to an anonymous Bitcoin wallet.
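The indicators described above can be checked on the defender's side. The following is an added example, not code from Trustwave or the original article: it flags an attachment whose JPEG extension does not match its leading bytes and walks a directory for the ransom note and renamed files. The function names are hypothetical, the sample files are constructed harmless stubs, and it assumes the “777” extension appears as a `.777` suffix.

```python
import os
import tempfile
from pathlib import Path

JPEG_MAGIC = b"\xff\xd8\xff"        # leading bytes of every JPEG file
PE_MAGIC = b"MZ"                    # DOS/PE header of a Windows executable
RANSOM_NOTE = "Cyborg_DECRYPT.txt"  # note filename reported in the article
ENCRYPTED_EXT = ".777"              # assumed form of the reported "777" extension

def classify_attachment(path):
    """Compare a file's claimed extension with its leading bytes."""
    with open(path, "rb") as fh:
        head = fh.read(3)
    claims_jpeg = Path(path).suffix.lower() in (".jpg", ".jpeg")
    if head.startswith(PE_MAGIC):
        return "executable-masked-as-image" if claims_jpeg else "executable"
    if head.startswith(JPEG_MAGIC):
        return "jpeg"
    return "mismatch" if claims_jpeg else "unknown"

def scan_for_cyborg_artifacts(root):
    """Walk root and collect ransom notes and files renamed to .777."""
    notes, encrypted = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE.lower():
                notes.append(full)
            elif name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(full)
    return {"ransom_notes": sorted(notes), "encrypted_files": sorted(encrypted)}

def build_sample_tree():
    """Constructed sample data: harmless stub files, no real malware."""
    root = Path(tempfile.mkdtemp(prefix="cyborg_triage_"))
    (root / "update.jpg").write_bytes(PE_MAGIC + b"\x90\x00" + b"\x00" * 60)
    (root / "photo.jpg").write_bytes(JPEG_MAGIC + b"\xe0" + b"\x00" * 60)
    (root / "Desktop").mkdir()
    (root / "Desktop" / RANSOM_NOTE).write_text("constructed placeholder")
    (root / "Desktop" / "report.docx.777").write_bytes(b"\x00" * 16)
    return root

if __name__ == "__main__":
    tree = build_sample_tree()
    for f in ("update.jpg", "photo.jpg"):
        print(f, "->", classify_attachment(tree / f))
    print(scan_for_cyborg_artifacts(tree))
```

A header check like this catches only the simple case where the file content is a plain executable; it is a triage aid, not a replacement for mail-gateway attachment filtering.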

Digital threats including misinformation and ransomware could threaten the integrity of the 2020 US election, security researchers say AFP / KIRILL KUDRYAVTSEV

The GitHub user that was the source of the ransomware file also has a ransomware builder available for download. This means that anyone with enough know-how can create their own version of the ransomware.

Speaking to Threatpost, Karl Sigler, threat intelligence manager for Trustwave SpiderLabs, said that this added a whole new dimension to the attack.

“Ransomware has been widely used to attack different organizations and governments and having it and its builder hosted on a software development platform Github is significant,” he told the site. “Anyone can grab a hold of it and create their own Cyborg ransomware executable.”

Microsoft has yet to comment on this issue.