FAKE Windows 10 installation emails contain Ransomware

There’s a new spam campaign trying to spread the CTB-locker ransomware through emails that pretend to come from Microsoft, telling people that their device is ready to install Windows 10. The emails mimic the actual Windows 10 emails, and the senders have managed to make their address appear as Microsoft’s update@microsoft.com address. There’s a Microsoft disclaimer, and a message claiming that the files have been cleared as virus-free by Mailscanner. You can track their IP address to Thailand. There are also a few text mistakes.

The email carries a 734KB attachment, which the senders claim is the Windows 10 installer. When opened, however, it is actually the ransomware, which encrypts media files, documents, etc.

If you receive this email, make sure you don’t open up the attachment.
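
The spoofed update@microsoft.com sender, the traceable origin IP and the attachment described above can all be checked from the raw message. The following is an added example, not part of the original article: it triages a constructed sample message, and it assumes your own mail gateway stamps an `Authentication-Results` header. The hostnames, the IP and the attachment name are placeholders.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample, not a captured message: hostnames, the attachment name
# and the IP (documentation range 203.0.113.0/24) are placeholders.
SAMPLE = """\
Received: from mail.example.net (unknown [203.0.113.7])
\tby mx.recipient.example
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=example.net; dkim=none
From: Microsoft <update@microsoft.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your device is ready to install Windows 10.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="installer.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""
RISKY_EXT = (".zip", ".exe", ".scr", ".js", ".cab")  # assumed local policy list

def triage(raw):
    """Return the claimed From domain, relay IPs and reasons to distrust the mail."""
    msg = message_from_string(raw, policy=policy.default)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    auth = (msg["Authentication-Results"] or "").lower()
    findings = []
    for check in ("spf", "dkim"):  # anything other than an explicit pass is a finding
        m = re.search(rf"\b{check}=(\w+)", auth)
        result = m.group(1) if m else "missing"
        if result != "pass":
            findings.append(f"{check}={result}")
    m = re.search(r"smtp\.mailfrom=([^;\s]+)", auth)
    if m and m.group(1).rpartition("@")[2] != from_domain:
        findings.append("envelope-domain-mismatch")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"risky-attachment:{name}")
    received = " ".join(msg.get_all("Received", []))
    ips = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received)
    return {"from_domain": from_domain, "origin_ips": ips, "findings": findings}
```

The visible From address alone proves nothing; the findings come from what the receiving server recorded about the delivery.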