Watch out - that Windows update could actually just be ransomware

Random Windows Update popup? It could be ransomware…

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybersecurity companyFortinethas identified a new money extortion scam disguised as a Windows update page, urging users of the most popular desktop OS to be vigilant.

The attack, which researchers at the company’s FortiGuard Labs division say is considered to be of high severity, encrypts files on the compromised machine. In exchange for their files back, the attacker demands ransom.

Theransomwarevariant, which is known as Big Head, is believed to have been launched in May 2023. An estimated three current variants are all designed to encrypt files on victims’ machines to extort money.

Windows update ransomware attack

FortiGuard Labs says “there is no indication that Big Head is widespread,” but given that it’s just a few weeks old at this point, predicting how quickly it could spread is difficult.

These are the best malware removal tools>Ransomware gangs are losing interest in US firms>Over a third of governments don’t think they can deal with ransomware attacks

So far, analysts have observed two variants at play. The first displays a fake Windows Update screen that reads “Configuring critical Windows Updates.” Once it disappears from the screen after around 30 seconds, it will have already encrypted users’ files “with names randomly altered.”

A handful of “README” files have been seen to carry email addresses, Telegram account details, and even a Bitcoin address, all of which designed to collect money from victims under the promise of file decryption.

The second version uses a different method which, for the end user, will result in the attacker changing the desktop wallpaper for a ransom note demanding one Bitcoin (currently around $30,000).

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Big Head ransomware currently appears to be targeting US consumers, though some other attacks by the same group have also been observed in Spain, France, and Turkey.

FortiGuard concludes that, because the majority of ransomware is typically delivered via phishing scams, some simple cybersecurity protection knowledge and hygiene could prevent them.

Data backup frequency, location, and security all need to be considered as ransomware attacks become both more common and more advanced.

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

AI and other technologies can give your business a huge productivity boost - if you get on board quickly

The EU AI Act: What do CISOs need to know to strengthen AI security?

Beaming content to your Apple TV is about to get a whole lot better thanks to macOS Sequoia’s AirPlay upgrade