Hello All,

A quick heads-up on the spreading cyborg ransomware phishing e-mails.

It is not new that intruders make use of trending events to manipulate Internet users into cyber-attacks. Now that Windows has rolled-out its Vanadium 1909 feature pack update, what could be more trending in the cyber-space?

So yes, Phishing e-mails are out seeking for victims. The e-mails come with subject lines like "Install Latest Microsoft Windows Update now!" or "Critical Microsoft Windows Update!". Just in case you do not know, Microsoft will never push updates through e-mails.

Also, these phishing e-mails ask you to install the latest Windows update by clicking on a fake ".jpeg" attachment, that by itself is not an image file but an executable developed by hackers to install ransomware into your machines.

What could Cyborg do to your machines?

The .NET compiled ransomware gets activated and encrypts all the files in the infected machines, it also appends the filename with an invalid file extension. It then leaves a ransom note open. Also, it leaves a copy of itself as "bot.exe" in the infected drive.

The ransomware builder hosted on Github, can easily be picked up. Once someone gets hold of this builder it can be spammed all over with different issues and can be even more carefully crafted to avoid being identified. 

Simply ignore these baits and secure your enterprise network.

Cheers,