Another day, another ransomware alert threatening to undo your precious, if a bit broken, Windows 10 device. A team of researchers have found a particularly nasty package that forces your PC into Safe Mode and then exploits it. Here’s what you need to know.
A team of researchers at security software company SophosLabs has been monitoring a number of ransomware threats on Windows 10 devices that target a vulnerability once the devices boot up in Safe Mode. The threat was first noticed in mid-October after an organisation reported an outbreak within its network. It was found that the malware, called Snatch, forced computers into Safe Mode, where most security software, as well as other essential programs, is disabled.
The Sophos team previously discovered the threat in 2018, prior to its new Safe Mode strategy, but have said the new adaptation increases the severity of the malware considerably.
“Snatch can run on most common versions of Windows, from 7 through 10, in 32- and 64-bit versions,” the news report said. “The malware we’ve observed isn’t capable of running on platforms other than Windows.”
Once the ransomware successfully penetrates a device, a ransom is demanded in Bitcoin. According to Sophos’ report, there were at least 12 occasions between July and October 2019 on which Snatch demanded Bitcoin ransoms valued between $2900 and $51,000.
How do I avoid getting snatched by this Snatch ransomware?
Firstly, Sophos recommends organisations avoid using remote desktop access without proper protection and, if remote access is necessary, use a VPN to protect their networks. Enabling multi-factor authentication is also a no-brainer if you’re trying to avoid Windows exploitation.
But as always, a bit of internet literacy goes a long way. Avoid entering dodgy websites and downloading files you’re not certain about. Most times you’ll get alerts from your antivirus software, and even your browser in some cases, but it helps to familiarise yourself with suspect sites by checking out Scamwatch’s advice too.
If you suspect you’ve encountered this ransomware or another one, it’s best to speak to a computer expert and report it to the Australian Cyber Security Centre.
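For organisations that collect process-creation logs, the Safe Mode behaviour described above can be watched for directly. The following is an added example, not code from Sophos or from the original article: the article does not say how Snatch forces Safe Mode, so the rules assume the standard Windows mechanisms (a `bcdedit` safeboot setting and a `SafeBoot` registry entry), and the host names and service name in the sample events are constructed.

```python
import re
from collections import defaultdict

# Assumption: the article does not say how Snatch forces Safe Mode. These rules
# match the standard Windows ways to configure it, not Snatch-specific indicators.
BCDEDIT_SAFEBOOT = re.compile(
    r"bcdedit(?:\.exe)?\"?\s.*?/set\s.*?\bsafeboot\s+(minimal|network)\b", re.I)
SAFEBOOT_REG_ADD = re.compile(
    r"\breg(?:\.exe)?\"?\s+add\s.*?\\Control\\SafeBoot\\(Minimal|Network)\\([^\"\s]+)", re.I)

def triage_safe_mode_abuse(events):
    """Return {host: {"severity": str, "findings": [str, ...]}} for flagged hosts."""
    findings = defaultdict(list)
    kinds = defaultdict(set)
    for ev in events:
        cmd = ev["command_line"]
        m = BCDEDIT_SAFEBOOT.search(cmd)
        if m:  # the next reboot will enter Safe Mode
            kinds[ev["host"]].add("boot")
            findings[ev["host"]].append(f"next boot set to Safe Mode ({m.group(1).lower()})")
        m = SAFEBOOT_REG_ADD.search(cmd)
        if m:  # something was registered to load while in Safe Mode
            kinds[ev["host"]].add("service")
            findings[ev["host"]].append(f"'{m.group(2)}' allowed to start in Safe Mode")
    # Both steps on one host is the combination worth paging someone for.
    return {h: {"severity": "high" if kinds[h] == {"boot", "service"} else "medium",
                "findings": f} for h, f in findings.items()}

# Constructed sample events (hypothetical hosts and service name), shaped like
# process-creation records such as Windows Security event 4688 with command lines.
SAMPLE_EVENTS = [
    {"host": "WS-01", "command_line": r'reg add "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ExampleSvc" /ve /d Service /f'},
    {"host": "WS-01", "command_line": r"bcdedit.exe /set {current} safeboot minimal"},
    {"host": "WS-02", "command_line": r"bcdedit /deletevalue {current} safeboot"},
    {"host": "WS-03", "command_line": r"C:\Windows\System32\bcdedit.exe /set {default} safeboot network"},
    {"host": "WS-04", "command_line": r"bcdedit /enum"},
]

if __name__ == "__main__":
    for host, result in sorted(triage_safe_mode_abuse(SAMPLE_EVENTS).items()):
        print(host, result["severity"], "; ".join(result["findings"]))
```

Administrators occasionally set a Safe Mode boot on purpose for troubleshooting, so a lone `bcdedit` hit is rated medium and only the combination with a new Safe Mode service registration is rated high.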