Fake Windows Update Delivers Cyborg Ransomware
A fake Windows Update spam campaign drops Cyborg ransomware when the recipient opens an attachment titled “the latest critical update.” Trustwave discovered the campaign and said that although the file has a .jpg file extension, it is an executable with a file size around 28KB that delivers malware to the system. Ironically, the file is named bitcoingenerator.exe, but it is really Cyborg ransomware, which will demand $500 in bitcoin. The ultimate payload is downloaded from GitHub when the attachment is clicked. Cyborg is not a well-known ransomware, and the name is indicated in the ransom note.
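The mismatch described above, a .jpg attachment whose content is an executable, can be caught at a mail gateway or during triage by comparing the file extension with the file header. The following is an added example, not code from Trustwave or the original article; the attachment names, the extension list and the sample bytes are constructed for illustration.

```python
import struct

# Extensions that should never hold a Windows executable (assumed list; extend as needed).
NON_EXECUTABLE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt"}

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE signature
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def extension(name: str) -> str:
    """Lower-cased final extension; trailing dots and spaces are dropped first."""
    name = name.rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def check_attachment(name: str, data: bytes):
    """Return a finding string when a non-executable extension hides a PE file."""
    ext = extension(name)
    if ext in NON_EXECUTABLE_EXTS and is_pe(data):
        return f"{name}: extension {ext} but content is a PE executable"
    return None

def scan(attachments):
    """attachments: iterable of (filename, bytes). Returns the list of findings."""
    return [f for name, data in attachments if (f := check_attachment(name, data))]

def _constructed_pe(size: int = 28 * 1024) -> bytes:
    """Constructed stand-in for an executable: valid MZ/PE signatures, zero padding."""
    header = bytearray(0x80)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x80)
    return bytes(header) + b"PE\x00\x00" + bytes(size - 0x84)

# Constructed sample attachments (names are illustrative, not taken from the campaign).
SAMPLES = [
    ("update.jpg", _constructed_pe()),                               # masquerading executable
    ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(64)),  # genuine JPEG header
    ("setup.exe", _constructed_pe()),                                # honest extension
    ("truncated.jpg", b"MZ"),                                        # too short to be a PE
]

if __name__ == "__main__":
    for finding in scan(SAMPLES):
        print(finding)
```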
Trustwave found three other samples of Cyborg and believes it was created through “Cyborg Builder Ransomware,” a builder the researchers found during their investigation and used to create a new ransomware very similar to the one used in the spam campaign. Cyborg appears to be relatively new, and there is no decryptor located on the NoMoreRansom site. Trustwave believes it could disappear or be used extensively by hackers due to the presence of the builder, which allows anyone to create and spread ransomware. Researchers state that attackers can craft this ransomware to use a known ransomware file extension, leading the victim to believe it is a more popular ransomware rather than Cyborg.