While many Windows users have been celebrating the free release of the new Windows 10 operating system, other users are unwittingly downloading files-for-ransom malware instead of the new OS they thought they were receiving.
Tech site Gizmodo was one of several major websites to sound the alarm this weekend. In their article about the scam, the site detailed what goes down when unsuspecting Window-lovers download the malicious software.
Windows users receive an email offering the free download. The email looks legitimate, but when they click to download the alleged upgrade they are instead greeted by a window which tells them their files have been encrypted and that they must pay a certain amount of money to unlock the files, or else.
Softpedia reported that Cisco’s security experts have narrowed down the scam to an “IP address assigned to Thailand.”
The attackers, using an IP address assigned to Thailand, are distributing carefully crafted emails to users, inviting them to install Microsoft’s Windows 10 OS.
United Kingdom-based newspaper The Register published a screen shot of the nasty scam. Users are informed that their “important” files have been encrypted and that the key to decrypt the files is stored “on a secret Internet server”.
Like a scene straight out of a spy movie, the text of the page ends with a sober warning: Delete the program and your files will disappear forever.
This isn’t the first time this ransomware has plagued computer users.
In 2013, a malicious program called CryptoLocker gained notoriety when it began hijacking people’s files, making them inaccessible through the use of military grade encryption. TODAY Money covered the situation, explaining that the users were forced to pay a ransom of $300 or 2 Bitcoin (at the time), and adding that the scam included a “digital clock” that “counts down from 72 hours.” After the timer would run out, the encryption key needed to recover would be deleted.
To instill a sense of urgency, a digital clock on the screen counts down from 72 hours to show much time is left before that unique decryption key is destroyed.
This new malicious software that is masquerading as Windows 10 shares very similar characteristics to CryptoLocker, so it’s very important not to become a victim.
The email scam has all the trappings of a trick: poor grammar and random/missing characters. While these can be telltale signs of a scam, users should still be careful when clicking on any links they are unsure of. People should also inform their friends and family of the ransomware threat to increase awareness.
Gizmodo reminded users that official Windows 10 updates happen through your desktop, not through email.