Cybercriminals are taking full advantage of PC users waiting for an email from Microsoft informing them their Windows 10 upgrade is ready.
Microsoft launched Windows 10 on July 29th and is rolling out the new version in waves to users around the world.
Hijacking the release, the email claims to come from the company but is actually CTB Locker ransomware, potentially infecting thousands of devices.
“This software release creates the perfect context for cybercriminals and they’re fully taking advantage of it,” states Bogdan Botezatu, Senior E-Threat Analyst at Bitdefender.
“Millions of people are expected to upgrade to Windows 10, so we might witness a substantial number of PC users falling victim to such scams.”
Within the fake email, the ‘From’ field features the email address firstname.lastname@example.org, which appears to be a valid address. The subject line clearly states the apparent purpose of the email: ‘Windows 10 Free Update.’
Disguised as an innocent Windows 10 installer, the ransomware needs to be downloaded and executed manually by the user. Once installation is complete, the victim is presented with a warning message.
Infected users are instructed to pay $600 for the private key stored on their servers. Without it, decryption is impossible. When the ransom is paid, decryption will start and a payment verification screen will be displayed.
According to Bitdefender Labs, the malicious emails were sent in three days from spam servers located in a variety of countries including France, Russia, the US, Thailand, Ukraine, India, Kazakhstan and Taiwan.
Bitdefender, which detects and blocks the threat, advises users to install software updates only from reputable sites and reminds them to avoid accessing attachments and links from unrequested emails.
Read more about Windows 10: