Users issued warning over spoof Windows update

FOCUS ON: Cybersecurity, Cybercrime, Microsoft, Malware

Cybersecurity experts have identified a spam campaign capable of infecting systems with Cyborg ransomware. The attack is made via a fake Microsoft email that outlines an important update for the Windows operating system.

Diana Lopera, a security researcher for Trustwave, states that the emails, purportedly from the Washington-based company, contain just a single sentence in the main body and include a typo. The message reads:

"Please install the latest critical update from Microsoft attached to this email"

The recipient is then directed to the email’s attachment, which, if opened, springs the trap.

Malicious attachment and malware delivery process

The attachment that supposedly contains the vital update has a .jpg extension but is, in reality, an executable file. The file is about 28KB in size and has a randomised filename. It is a .NET downloader that delivers another piece of malware to the already infected system.

Entitled bitcoingenerator.exe, this file will be downloaded to the user’s device from a GitHub account under the name of misterbtc2020. The actual file, however, is Cyborg ransomware.

The ransomware encrypts all files on the victim’s system and appends their file names with a file extension of its own. A ransom note will remain on the compromised device’s Desktop labelled: "Cyborg_DECRYPT.txt". The details enclosed in this text file can also be located on the ransomware bitcoingenerator.exe overlay.

In addition, the malware plants a copy of itself deep within the infected drive as an executable file entitled “bot.exe”.
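The mismatch described above, an attachment named as a .jpg whose content is an executable, can be checked at a mail gateway or in triage by comparing the claimed extension with the file's leading bytes. The following Python sketch is an added example, not code from Trustwave or from this article; the function names, addresses and sample messages are constructed for illustration, with inert stub bytes in place of real files.

```python
import email
from email import policy
from email.message import EmailMessage

# Leading magic bytes for the content types this check recognises.
MAGIC = {
    "pe-executable": b"MZ",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
}
# Content type each claimed image extension should sniff as.
EXPECTED = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png"}


def sniff(data: bytes) -> str:
    """Return the content type implied by the leading bytes, or 'unknown'."""
    for kind, magic in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def suspicious_attachments(raw: bytes) -> list[tuple[str, str]]:
    """List (filename, sniffed type) for attachments that warrant quarantine."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        actual = sniff(part.get_payload(decode=True) or b"")
        # Flag any PE header, and any image extension whose bytes do not match it.
        if actual == "pe-executable" or (ext in EXPECTED and actual != EXPECTED[ext]):
            findings.append((name, actual))
    return findings


def build_sample(filename: str, payload: bytes) -> bytes:
    """Constructed test message; the payload is inert stub bytes, not a real file."""
    msg = EmailMessage()
    msg["From"] = "updates@example.invalid"
    msg["Subject"] = "Constructed sample"
    msg.set_content("Please install the latest critical update from Microsoft attached to this email")
    msg.add_attachment(payload, maintype="image", subtype="jpeg", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    print(suspicious_attachments(build_sample("a1b2c3.jpg", b"MZ\x90\x00" + b"\x00" * 60)))
    print(suspicious_attachments(build_sample("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 60)))
```

The declared MIME type (`image/jpeg` here) is set by the sender, so the check deliberately ignores it and trusts only the decoded bytes.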

A new design of ransomware

Lopera explained that the GitHub account, Cyborg-Ransomware, is a new creation too:

"It contains two repositories: Cyborg-Builder-Ransomware, and Cyborg-russian-version. The first repository has the ransomware builder binaries while the second one contains a link to the Russian version of the said builder hosted at another website,"

She also commented on the "Cyborg Builder Ransomware V 1.0.7z" 7zip file:

"It contains the ransomware builder "Cyborg Builder Ransomware V 1.0.exe". We compared the sample generated from the said builder (Ransom.exe) from what we have in this spam and they are similar! Only the overlay differs as it contains the data inputted by the builder’s user."

According to Lopera, the malware can even be spammed utilising different themes and can come in varying attachment types in order to bypass email gateways and reach its intended target.

Microsoft updates are a vital part of keeping a Windows operating system safe and secure against ransomware, which makes the technique of this recent spam campaign especially cunning. Threat researcher for Webroot, Kelvin Murray, commented that along with causing short-term damage, fake updates can undermine the overall confidence users have in updating and lead to weaker levels of security.

At WM Reply, we’re experts at using the latest Microsoft technology to enhance your business processes. We create bespoke and secure solutions for greater collaboration and improved communication using online platforms like Microsoft SharePoint and its integration with Office 365. For advice and assistance, contact our specialist team today.
