Windows updates are usually something that you don’t get via email. So when you do, you should suspect that something is amiss. Security researchers from Trustwave’s SpiderLabs have discovered ransomware known as Cyborg that pretends to be an urgent Windows Update.
That said, the ransomware gives itself away by being propagated via email. The bogus email will come with the subject line of either “Install Latest Microsoft Windows Update Now!” or “Critical Microsoft Windows Update!” to tempt you into opening it. Its body contains only a single line, which reads “Please install the latest critical update from Microsoft attached to this email”.
Another sign that something is not quite what it seems is that the attachment comes with a .jpg extension. In essence, it pretends to be an image file when it is in fact an executable. When you do click on it, the ransomware encrypts all of your files and gives them its own unique .777 extension. It then leaves a ransom note on your desktop and creates a copy of itself at the root of the infected drive.
As it turns out, a builder for this Cyborg ransomware exists online. The researchers also found a GitHub account with the name Cybord-Ransomware with the ransomware builder.
All in all, the usual online safety rules still apply. You’ll be safe as long as you don’t open suspicious emails, and especially whatever is attached to them. This is especially true when they ask you to run or install something that isn’t supposed to come through email anyway.