Windows 10 Ransomware Email Brings More Headaches To Business IT

Windows 10 Ransomware Email Brings More Headaches To Business IT

After our report on crytoviruses, readers expressed frustration over how despite their best efforts to secure IT within their organisation, there is always that one chump who clicks on a special offer email on the computer they use for work and compromise the corporate network. Well now there’s one more threat to worry about: Windows 10 upgrade ransomware emails.

With all the hype surrounding the launch of Microsoft’s new operating system, a wave of computer users are aching to jump on-board. Millions downloaded the free upgrade at launch and many more are patiently waiting for their turn in the progressive rollout. Understandably, some people want to jump the queue and cybercriminals are trying to prey on the anticipation and excitement.

Cisco has warned of a cryptovirus threat that impersonates an official email from Microsoft, offering a free upgrade to Windows 10 along with an attachment. Once the attachment is opened, the cryptovirus takes the computer hostage, demanding payment within a timer ticking down to the deadline before all files are destroyed.

From Cisco Blog

“The fact that users have to virtually wait in line to receive this update, makes them even more likely to fall victim to this campaign,” Cisco threat researcher, Nick Biasini, said in a company blog post.

For organisations that exercise absolute control over their end-user devices, that wouldn’t be a problem. However, many companies out there value providing employees with a degree of flexibility on their work devices, allowing them to manage their own installation of software or have bring-your-own-device (BYOD) policies. The problem is, cryptoviruses can infect multiple computers on the same network if even just one device is compromised, which can be extremely damaging to an organisation.

You can’t guarantee that one security-challenged employee won’t screw up and click on a cryptovirus email, but for now, you can let the people in your organisation know what to look out for in excruciating detail. The Windows 10 upgrade scam email looks like this:

Windows 10 Ransomware Email Brings More Headaches To Business IT

From Cisco Blog

Despite using the blue colour scheme that Windows 10 typically uses, there are tell-tale signs that it’s a fake. Several characters on the email don’t show up properly and, ironically, there’s a disclaimer at the bottom that claims the message has been scanned for viruses, which is becoming a common technique for cybercriminals.

You can see the attack in action in the video, originally released by Cisco, below:

As discussed in our previous cryptovirus article, backing up is your best friend. Backing up all crucial business data means even if your company is hit with a cryptovirus the damage would be minimised.


  • You’re either ignorant or misinformed if you condone windows 10 in the first place, so I don’t see anything wrong here.

  • Just out of interest, would keeping a text file with the exact contents of the file be a valid way to protect this? Because if you knew the exact contents you could compare it to the encrypted file and work out the encryption key no?

    • Sorry but no, the application creates both the lock and key, then sends the key to a centralised server. The software says this is the lock, pay us money for the key. When you pay up – they usually send the key within 24hrs. My understanding is that only one type of this malware has been cracked and that’s because law enforcement were able to get the masterkey stored on one of the servers.

  • …cryptoviruses can infect multiple computers on the same network…
    If it encrypts files on a mapped network drive, it doesn’t even need to infect other PCs to disrupt a lot of people.

    • Newer versions of crypto virus’ don’t need the drive to be mapped. They scour the network for anything they can access and have modify permissions to (using the user profile of the logged in person) and will encrypt files without having a drive mapped.

  • lmao…. the file is made by iMarcos web automation and windows screams that its an unknown developer… at that point who would click next?

  • My prediction for the NEXT malicious attack:
    Microsoft will be either targeted, or impersonated.

    As a result, millions of users worldwide will automatically download & install an “update” – that acts exactly as above, locking machines and demanding money.

    The difference? Centralising and automating the update process, eliminating the ability of users to say “this is fake”.

  • Emails stored on some third party servers can never be secure unless encrypted at source. To send secure email, first thing is to avoid getting it stored on external server. User Binfer will send messages directly.

Show more comments

Comments are closed.

Log in to comment on this story!