Watch out for this new malicious ransomware disguised as Windows updates

Watch out for this new malicious ransomware disguised as Windows updates

Follow my tips to prevent yourself from being the next victim

by Jenna Roach

Is that really a Windows update you are about to click on? Or ransomware in disguise? As first documented by Fortinet FortiGuard Labs and followed up by Trend Micro, a new ransomware is currently on the rise and disguising itself as fake Windows updates and Word installers as part of a malvertising campaign. Also, multiple variants of this ransomware have been discovered.  Here’s what we know so far and what you can do to protect yourself.

What does this new ransomware do?

The ransomware, which is called Big Head, infects devices and encrypts the device’s files by displaying a fake Windows update alert on the victim’s computer. Three encrypted executable files are deployed in the attack – one for propagating the malware, one for facilitating communications via Telegram, and one for encrypting the files and displaying the fake Windows update. If a person clicks on this fake Windows update alert, Big Head will begin its attack by deleting backups, checking the virtualized environment, disabling the computer’s Task Manager to prevent the user from deleting it, and more.

1-RANSOMWARE

Credit: Trend Micro

There have also been variants discovered of the Big Head ransomware that are capable of stealing web browser history, directory lists, running processes, product keys, and network information. Most of the samples of this ransomware have been submitted from the U.S., France, Turkey, and Spain.

MORE: RUSSIAN RANSOMWARE ATTACK SOFTWARE TARGETS APPLE MAC AND MACBOOK

What can I do to protect myself from this ransomware?

Ransomware criminals will try to get you to pay money to them to get your files back. However, paying the ransom does not guarantee that you will regain access to anything a criminal takes from you and will only permit them to do it more.

Your best bet is to prevent an attacker from gaining access to your files altogether so that you don’t have to try to fight to get them back. Here are some of my tips for avoiding having your files stolen in a ransomware attack.

If you receive an email from an address you do not recognize, don’t open it. If you open it by mistake, avoid clicking any links or opening any attachments within the email. This is a classic method that cybercriminals use to try to trick you into thinking that the message is from someone important.

Have good antivirus software

Keeping hackers out of your devices can be prevented if you have good antivirus software installed. Having antivirus software on your devices will make sure you are stopped from clicking on any potential malicious links which may install malware or ransomware on your devices, allowing hackers to gain access to your personal information. Plus, it’s designed to tell you when there is already malware on your device so that you can immediately work towards getting rid of it. 

Special for CyberGuy Readers:  My #1 pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.  

Best Antivirus Protection 2023

MORE: HOW TO BACKUP YOUR WINDOWS COMPUTER

MORE: HOW TO BACK UP YOUR MAC COMPUTER

 

Back up your files on an external hard drive

I highly advise you to create backups of your information on an external hard drive and store it securely in a safe location. This process involves regularly making backup copies and then disconnecting the external drive from your computer for added safety. You should store the disconnected drive in a secure place like a fireproof safe or a safety deposit box. By keeping the drive unplugged when not in use, you significantly minimize the risk of unauthorized access to your data by hackers.

Top recommendations for external hard drives

Here are some of my top recommendations for external hard drives.

My Passport SSD Portable Drive

1-MY PASSPORT

Credit: Western Digital Store

The My Passport SSD drive easily plugs into a USB port to backup at blazing speeds, then eject and unplug it so that hackers cannot get access to your backup. You can set password-enabled hardware encryption to protect valuable content. It also comes with a 5-year limited warranty. It is also drop-resistant up to 6.5 feet 500GB, 1TB, and 2TB sizes. At the time of publishing, this product had over 4100 global ratings with 78% giving the product 5 stars.

Get My Passport SSD Portable Drive

 

 

SanDisk Extreme Pro SSD

2-SANDISK

Credit: SanDisk

My external drive is hooked up to my PC 24/7, but if your data travels with you and you need a more rugged solution, the SanDisk Extreme Pro SSD would be an excellent choice. Its rugged IP55 water and dust-resistant exterior can survive a drop of 2 meters which is about 6 feet 7 inches. At the time of publishing, this product had over 8800 global ratings with 77% giving the product 5 stars.

Get SanDisk Extreme Pro SSD

 

 

Use a cloud service

The great thing about cloud storage is how flexible it is. If you ever need extra storage room, you can get it right away (though it does come with a price tag). However, there’s a major downside to consider: you can’t be sure who has access to your stored data. Just so you know, the term “cloud” is more of a metaphorical concept. In reality, your data resides on servers owned by someone else, leaving it potentially vulnerable to hackers, snoopers, and other unscrupulous individuals.  Get my picks here:

How to back-up your devices the right way

 

Keep software up to date

Regularly update your operating system, antivirus software, web browsers, and other applications to ensure you have the latest security patches and protections.

 

Kurt’s key takeaways

Attacks like these are scary, especially when the attacker is disguising themselves as a legitimate company like Microsoft. This is why you have to be extremely careful before you click on any links or open any attachments that are sent to you out of the blue. Make sure you follow my tips, and don’t be so quick to judge everything that you see right away.

Why do you think the U.S. has been a major target of this ransomware? What more should authorities be doing to stop it? Let us know by commenting below.

FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

Related:

 


   

17 comments

Dick Johns July 19, 2023 - 11:51 am

The best way to protect yourself is not have your account as an administrator. Have your account as a local user.

Reply

Leave a Comment

GET MY FREE CYBERGUY REPORT
Subscribe to receive my latest Tech news, security alerts, tips and deals newsletter. (We won't spam or share your email with anyone else.)

By signing up, you agree to our Terms of Service and Privacy Policy. You may unsubscribe at any time.

Tips to avoid our newsletters going to your junk folder