The latest Windows version (Windows 10) has already been installed on over 67 million computers, and that number will increase in the days to come. However, the release of the new Windows version is also attracting cybercriminals, who are using it as a lure in ransomware campaigns. Security researchers discovered that attackers are using an IP address in Thailand to distribute specially crafted emails that invite users to install Microsoft’s Windows 10 operating system. These emails come with an attachment, a ZIP archive containing an executable that delivers the payload: CTB-Locker. If the anti-virus does not detect the malware and the user forgets to scan the archive with a web service such as VirusTotal, the computer can get locked and the user is greeted by a message. Users are given only four days to pay the ransom, and by using Tor and Bitcoin the attackers are able to remain anonymous and quickly profit from their malware campaigns with minimal risk.
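The delivery method described above, a ZIP attachment carrying an executable, can be flagged at a mail gateway or during triage by judging archive members on their content rather than their file extension. The Python code below is an added example, not part of the CERT-MU advisory; the function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def flagged_members(blob: bytes):
    """Return (name, reason) for members that are Windows executables by content,
    or that are encrypted and therefore cannot be inspected."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:          # bit 0 set: member is encrypted
                hits.append((info.filename, "encrypted"))
                continue
            with zf.open(info) as fh:
                head = fh.read(4096)          # read only the header region
            if is_pe(head):
                hits.append((info.filename, "pe"))
    return hits

def build_sample_zip() -> bytes:
    """Constructed sample: a minimal PE-shaped stub under two names plus a text file."""
    stub = bytearray(0x44)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    stub[0x40:0x44] = b"PE\0\0"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("setup_constructed.exe", bytes(stub))
        zf.writestr("invoice_constructed.pdf", bytes(stub))  # misleading extension
        zf.writestr("notes_constructed.txt", "plain text")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in flagged_members(build_sample_zip()):
        print(f"{reason:9s} {name}")
```

Archives nested inside the attachment are not unpacked here; a gateway would apply the same check recursively with a depth limit.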
The information provided herein is on an "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street