
If you dare to update your system to Windows® 10 on the strength of fake e-mails purporting to come from Microsoft®, you could become a victim of Cryptolocker ransomware.

The Phorce research team has discovered that cyber-criminals are using various social engineering techniques to take advantage of millions of people looking for a free system upgrade to Windows® 10 which was officially launched on July 29 worldwide.

According to US-CERT, ransomware is a type of malware that infects a computer and restricts the user’s access to it. This type of malware, which has now been observed for several years, attempts to extort money from victims by displaying an on-screen alert. These alerts often state that the computer has been locked or that all of the user's files have been encrypted, and demand that a ransom be paid to restore access. The ransom is typically in the range of $100–$300 and is sometimes demanded in virtual currency, such as Bitcoin.

What is Cryptolocker?
It is a kind of ransomware which can prevent Windows® users from accessing their photos, personal documents, zip files and a host of other files. It makes use of asymmetric encryption, i.e. victims cannot access their files unless they have the private key, which is held by the malware author; to obtain the key, the victim has to pay a ransom to the cyber-criminal in virtual currency.

How does it work?
The malware enters the user’s system through a fake e-mail from Microsoft®. The cyber-criminals use a well-crafted sender address that makes the message appear to be a valid one, together with the subject line ‘Windows 10 Free Update’ and an attachment. The attachment, once downloaded and executed by our research team, displayed a warning message along with the instruction to pay $600 for the private key within 96 hours. The malicious e-mail was traced to spam servers located in countries such as India, Russia, Thailand, the USA and France.

So what can we all do to protect ourselves against Ransomware?
Ransomware infiltrates your computer when you click on a legitimate-looking e-mail attachment, or through existing malware lurking on your hard drive, and once unleashed it instantly encrypts all your files.

► Users can update their current system to Windows® 10 in two stages, i.e. Reserve and Upgrade. In the first stage, users need to check whether they have received a notification in their taskbar from Windows® which will reserve a free copy of Windows® 10. Clicking the menu at the top left will check your system and run the Windows® Advisor to make sure that your hardware and software are compatible with Windows® 10. Windows® 10 will be downloaded once it is available. The last stage is Installation, where users will get a notification that Windows® 10 has been downloaded and needs to be installed.

► Ensure that your antivirus package is updated with the latest version and the latest virus signatures - our mail scanner will delete or quarantine any attachment with a .scr file hidden inside a .cab/.zip/.rar archive.

► Configure your antivirus settings to automatically do system updates.

► Keep your computers backed up on an independent drive or by using a cloud backup.

► Make sure you either implement Mailscan at the gateway level or enable Mail Anti-virus in order to block extensions such as *.EXE, *.SCR, *.JS, *.VBE, etc. Such attachments could infect your system.
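The two gateway rules above (block executable extensions outright, and catch a .scr hidden inside a .zip attachment) can be expressed as a small mail-filter check. This is an added example, not Phorce's own scanner: the sender address, subject and zip contents are constructed samples, and only .zip is opened because .cab/.rar need third-party libraries.

```python
import io
import zipfile
from email.message import EmailMessage

# Extensions the page advises blocking at the gateway (*.EXE, *.SCR, *.JS, *.VBE);
# only .zip is opened here, since .cab/.rar need third-party libraries.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbe"}
ARCHIVE_EXTENSIONS = {".zip"}

def _ext(name):
    """Lower-cased final extension, so 'Invoice.PDF.scr' is judged by '.scr'."""
    name = name.lower().rstrip("/")
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def risky_names_in_zip(data):
    """Names of zip members whose extension is blocked; [] if not a zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [i.filename for i in zf.infolist()
                    if not i.is_dir() and _ext(i.filename) in BLOCKED_EXTENSIONS]
    except zipfile.BadZipFile:
        return []  # nothing to inspect at this layer

def scan_message(msg):
    """(attachment name, reason) for every attachment to delete or quarantine."""
    verdicts = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = _ext(name)
        if ext in BLOCKED_EXTENSIONS:
            verdicts.append((name, f"blocked extension {ext}"))
        elif ext in ARCHIVE_EXTENSIONS:
            hidden = risky_names_in_zip(part.get_payload(decode=True) or b"")
            if hidden:
                verdicts.append((name, "archive hides " + ", ".join(hidden)))
    return verdicts

def build_sample_message():
    """Constructed sample: a 'Windows 10 Free Update' mail with a .scr inside a .zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Win10_Upgrade.scr", b"constructed placeholder, not a real binary")
    msg = EmailMessage()
    msg["Subject"] = "Windows 10 Free Update"
    msg["From"] = "update@example.invalid"  # constructed sender address
    msg.set_content("Your free upgrade is attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Win10_Upgrade.zip")
    return msg
```

Running `scan_message(build_sample_message())` returns `[('Win10_Upgrade.zip', 'archive hides Win10_Upgrade.scr')]`, the verdict the gateway would act on; a plain `.txt` attachment yields an empty list.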

► Take those software update and “patch” alerts seriously.

► Create a 'restore point' for Windows® that can be used to restore the system to a known clean state.

► Beware of the attachment! (Remember: brand-name organisations like SARS and banks will rarely send you attachments.) Exercise extreme caution with such e-mails, and never open an attachment from an e-mail asking for verification. Even if an e-mail seems to come from a familiar address, that does not mean it was actually sent by that person or company - this is called e-mail spoofing!

► When you need to access a secure site, type in the address instead of clicking on the link in an e-mail or document. If you have to click on the link, hover your mouse cursor over the link in the e-mail or document to see whether it really points to the address it should. More about this when we address phishing e-mails and websites.

Best regards,
Phorce Support Team