Taking advantage of an opportunity that presents itself is just what ransomware developers are doing with their move to use the Windows 10 release to infect users’ systems.
Windows 10 released last Wednesday, and users downloaded it over 14 million times in 24 hours. The total amount of downloads was at least 67 million.
Along those lines, Cisco’s Talos Group discovered an email campaign impersonating Microsoft, offering potential victims an attachment that is supposedly a Windows 10 installer.
Even though the email contains several characters that don’t parse properly, the fact the email seems to come from a legitimate-looking email address (firstname.lastname@example.org), uses a color scheme and disclaimer similar to the one used by Microsoft, and contains an indication the message attachment went through the antivirus scanning process will likely fool quite a few into downloading and running the attached file.
Those that do download the email will end up with a variant of the CTB-Locker crypto-ransomware, and will be asked to pay a to get their encrypted files decrypted.