While undoubtedly important, Windows update notifications are an annoyance at the best of times. The next one you see could be downright criminal, though, after security researchers revealed that a new strain of ransomware is disguising itself as a critical Windows update alert.
The team at Fortinet has dissected the recently surfaced “Big Head” ransomware and found that two variants of the malware are currently targeting consumers in the US and in countries such as Spain, France and Turkey. One of them displays a fake Windows update screen to stall the user while it encrypts the device's files in the background, a process that takes just 30 seconds according to the researchers.
Once the encryption has run, the ransomware opens a ransom note in the form of a .TXT file that demands payment arrangements be made via the included email address or Telegram account. The attacker promises to send a decryption key upon receipt of the ransom amount – or to leak the data if the victim fails to comply. A variation on the main note also exists that offers a “fast payment” option direct to a Bitcoin wallet. However, in a rare bit of good news from the shadowy world of ransomware, the researchers add that it should be picked up by many of the best antivirus software solutions available to Windows users right now.
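The behaviour described above, a burst of file overwrites finishing within about 30 seconds while the user stares at a fake update screen, is exactly what a file-activity monitor can key on regardless of what the process calls itself. The script below is an added illustration, not Fortinet's code and not derived from any Big Head sample: it runs an entropy-and-rate check over a constructed log of file-write events. The process name “WindowsUpdate.exe”, the file paths and the event records are all invented for the example; the thresholds (20 distinct files rewritten with near-random content inside any 30-second window) are assumptions a defender would tune to their own environment.

```python
import math
import random
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class FileEvent:
    """One file-write record as a file-system monitor might emit it.

    Constructed for this example; not real telemetry from any Big Head sample.
    """
    ts: float       # seconds since monitoring started
    process: str    # image name of the process that wrote the file
    path: str       # file that was written
    sample: bytes   # leading bytes of the new content, as sampled by the sensor


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted or compressed data, well below
    that for documents, source code and most binaries."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def find_encryption_bursts(events: List[FileEvent], window: float = 30.0,
                           min_files: int = 20, entropy_threshold: float = 7.0
                           ) -> List[Tuple[str, float, int]]:
    """Flag processes that overwrite at least `min_files` distinct files with
    high-entropy content inside any `window`-second span.

    Returns (process, window_start_ts, distinct_files) per flagged process.
    Thresholds are illustrative assumptions, not values from the report."""
    high_entropy: Dict[str, List[FileEvent]] = {}
    for ev in events:
        if shannon_entropy(ev.sample) >= entropy_threshold:
            high_entropy.setdefault(ev.process, []).append(ev)

    hits = []
    for proc, evs in high_entropy.items():
        evs.sort(key=lambda e: e.ts)
        for i, start in enumerate(evs):
            # distinct files this process rewrote within `window` s of `start`
            in_window = {e.path for e in evs[i:] if e.ts - start.ts <= window}
            if len(in_window) >= min_files:
                hits.append((proc, start.ts, len(in_window)))
                break  # one alert per process is enough
    return hits


def build_sample_events(seed: int = 1234) -> List[FileEvent]:
    """Constructed activity log: a hypothetical 'WindowsUpdate.exe' impostor
    encrypting 40 files in about 25 s, a backup job writing compressed archives
    one per minute, and a word processor saving plain-text notes."""
    rng = random.Random(seed)

    def ciphertext() -> bytes:
        # Stand-in for encrypted output: pseudo-random bytes, entropy ~7.8 bits/byte
        return bytes(rng.getrandbits(8) for _ in range(1024))

    events: List[FileEvent] = []
    # 1. The ransomware-like burst: 40 distinct documents rewritten in ~24 s
    for i in range(40):
        events.append(FileEvent(100.0 + i * 0.6, "WindowsUpdate.exe",
                                f"C:\\Users\\alice\\Documents\\file{i}.docx",
                                ciphertext()))
    # 2. Legitimate backup: also high-entropy, but only one archive per minute
    for i in range(30):
        events.append(FileEvent(200.0 + i * 60.0, "backup.exe",
                                f"D:\\backup\\vol{i}.zip", ciphertext()))
    # 3. Ordinary document saves: many files quickly, but low-entropy text
    for i in range(25):
        events.append(FileEvent(300.0 + i * 0.5, "winword.exe",
                                f"C:\\Users\\alice\\Documents\\notes{i}.txt",
                                b"Quarterly planning notes, draft " * 32))
    return events


if __name__ == "__main__":
    for proc, t0, n in find_encryption_bursts(build_sample_events()):
        print(f"ALERT: {proc} rewrote {n} files with high-entropy content "
              f"starting at t={t0:.1f}s")
```

Only the impostor process trips the rule: the backup job writes equally random-looking data but far too slowly, and the word processor writes quickly but its output is readable text. In production the same two signals (content entropy and rewrite rate per process) are what most EDR “ransomware behaviour” rules combine, usually alongside canary files and a check on whether the writing binary is signed.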
Multiple Strains of Big Head Ransomware Detected
In its full report on the Big Head ransomware family, FortiGuard Labs notes that while it's unclear exactly how the malware was spreading, the use of the phony Windows update screen was “potentially indicating that the ransomware was also distributed as a fake Windows Update.” While unproven, it's a particularly worrying theory given how much emphasis businesses, and IT departments in particular, put on installing OS updates promptly. Worth remembering: genuine Windows updates arrive through Windows Update (or a managed channel such as WSUS or Intune), not as a file a web page or email asks you to download and run, and the update screen itself never asks for payment or for the user to launch anything.
Fortunately, while the severity level of the attack is graded by the firm's FortiGuard Labs division as “High”, the ransomware isn't believed to be particularly widespread or even that sophisticated at this stage.
The breakdown also noted a couple of other variants of Big Head in existence, including one carrying a Microsoft Word icon that “was likely distributed as counterfeit software” and another that launched a more traditional ransomware demand screen after locking down the system in question. The fact that there are so many different versions of the malware suggests the cyber criminals behind it are still testing different deployment strategies, which may also help explain why its spread has thankfully been contained thus far.
Empowered Employees the Best Line of Defense
Fortinet concludes its investigation by reminding those affected by ransomware that paying up is no guarantee of successfully recovering your data. As we note in our recent ransomware statistics deep dive, as little as 4% of organizations that pay ransomware demands recover all their files safely.
This underlines the fact that the best strategy for fighting ransomware and other types of cyber crime at businesses is employee-level prevention, backed by tested, offline backups so that an encryption event is a recovery job rather than a negotiation. Even the most secure operating system can be easily compromised if someone on the victim's side has unwittingly given away key credentials or run a file they shouldn't have, so it's more important than ever that staff are clued up on how to spot phishing attacks and other common initial points of compromise.
Almost as important as education is employees having the right tools at their disposal. To make online security easier for them, consider whether one of the best password managers meets your organization's needs. These are a remarkably effective way of ensuring that all the individual accounts linked to your company are protected by strong, unique passwords, as they take the pain out of remembering the kinds of increasingly complex combinations recently satirized by viral puzzler The Password Game.