 Channel Futures

Security


Ransomware Warning on Windows 10 Download Ruse

  • Written by DH Kass
  • August 4, 2015

Security specialists are warning Windows 10 downloaders not to be duped by a faked email purporting to come from Microsoft (MSFT) but instead housing an attachment containing the nasty CTB-Locker ransomware.

Cisco’s (CSCO) Talos security team noticed a new malware campaign to distribute the CTB-Locker ransomware posing as an email update from Microsoft to inform users that their Windows 10 download is ready. But, in fact, it’s a ransomware ruse traced back to a Thailand IP address.

“Adversaries are always trying to take advantage of current events to lure users into executing their malicious payload,” Talos wrote in a blog post. “This threat actor is impersonating Microsoft in an attempt to exploit their user base for monetary gain. The fact that users have to virtually wait in line to receive this update, makes them even more likely to fall victim to this campaign.”

The email is similar to one that Microsoft sends to users pre-registering for the Windows 10 upgrade but there are some telling text and other mistakes that users can recognize once informed. As Talos describes the malicious email, the “From” address appears to come from Microsoft but a look at the email header reveals that it originates from an IP address in Thailand.

And, while the attackers use a color scheme in the email similar to the one Microsoft uses, the text and character errors stand out on closer inspection, Talos said. To try to trick readers into believing the email is authentic, the attackers add a linked notice claiming that the email has passed a malware inspection, along with a disclaimer that looks like it would come from Microsoft.

However, “once a user moves past the email, downloads the zip file, extracts it, and runs the executable, they are greeted with a message” telling them their personal files are encrypted with CTB-Locker, demanding payment within 96 hours for an encryption key or their files will be permanently encrypted with no chance for recovery.
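The two checks described above (the first relay hop in the headers versus the claimed sender, and a zip attachment that unpacks to an executable) can be automated at a mail gateway. The following Python sketch is an added example, not code from Talos or from the original article; the sample message, its file names, the relay host names and the `EXPECTED_NETS` allowlist are constructed for illustration and use documentation IP ranges.

```python
import io, ipaddress, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: networks the claimed sender domain is expected to relay from.
# Constructed documentation range, not Microsoft's real address space.
EXPECTED_NETS = {"microsoft.com": [ipaddress.ip_network("192.0.2.0/24")]}
RISKY_EXT = (".exe", ".scr", ".js", ".pif")

def build_sample() -> bytes:
    """Constructed sample: spoofed From, zip attachment holding an .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("setup.exe", b"MZ constructed placeholder, not malware")
    msg = EmailMessage()
    msg["Received"] = "from mx.example.net ([198.51.100.9]) by mail.example.org; Mon, 3 Aug 2015 10:00:05 +0000"
    msg["Received"] = "from unknown ([203.0.113.7]) by mx.example.net; Mon, 3 Aug 2015 10:00:01 +0000"
    msg["From"] = "Microsoft <update@microsoft.com>"
    msg["Subject"] = "Windows 10 upgrade"
    msg.set_content("Your upgrade is ready.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="upgrade.zip")
    return msg.as_bytes()

def triage(raw: bytes) -> dict:
    msg = message_from_bytes(raw, policy=policy.default)
    domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    # Each relay prepends its Received header, so the last one is the earliest hop.
    hops = msg.get_all("Received", [])
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(hops[-1])) if hops else None
    origin = ipaddress.ip_address(m.group(1)) if m else None
    findings = []
    nets = EXPECTED_NETS.get(domain)
    if nets and origin and not any(origin in n for n in nets):
        findings.append(f"From claims {domain} but first hop is {origin}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip"):
            with zipfile.ZipFile(io.BytesIO(part.get_content())) as z:
                for inner in z.namelist():
                    if inner.lower().endswith(RISKY_EXT):
                        findings.append(f"{name} contains executable {inner}")
    return {"from_domain": domain, "origin_ip": str(origin), "findings": findings}

if __name__ == "__main__":
    print(triage(build_sample()))
```

Only `Received` lines written by relays you operate are trustworthy, since a sender can forge anything below them; in production, the gateway's SPF and DKIM results are the stronger signal for the sender check.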

The 734KB attachment used in the emails contains the ransomware, which is unleashed to encrypt documents, media files and other materials.

“The payload is CTB-Locker, a ransomware variant,” Talos wrote. “Currently, Talos is detecting the ransomware being delivered to users at a high rate.”

This variant of CTB-Locker is unusual in a few ways, reported the U.K.’s Register. While it asks its victims to pay in Bitcoin, the 96-hour window allotted is shorter than most malware demands.

But, in perhaps the most unusual of twists in ransomware cases, the cyber kidnappers show their victims a list of encrypted files and offer to decrypt five for free.

“If you look at malware like Cryptolocker, it has built a market for itself because people know that if they pay they will get their files back,” Craig Williams, Cisco Talos security outreach manager, told the Register.

“CTB-Locker is doing the same thing by proving to people they can do what they say they can do,” he said.

“If you pay the attacker in Bitcoin then it’s a very smooth funding stream; the money goes directly to paying the [malware] development team,” he said. “That’s why we’re seeing such a fast development cycle in ransomware.”

Security expert Stu Sjouwerman advised users to “be very careful with any email claiming to be from Microsoft about ‘your Windows 10 Upgrade.’ Make sure that any links in the email really go to Microsoft. Better yet, do not click on any link or open any attachment, but go to the Microsoft website for more information.”
