Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Windows 10 Free Upgrade Removal, Description and Protection

NameCTBLocker from Windows 10 Fake Upgrade
TypeSpam Email, CTB Locker ransomware
Short DescriptionAfter infection encrypts files important for the user, demanding ransom in bitcoin currency or any other currency paid online. May not restore files after.
SymptomsScreen message, Corrupted error message when trying to open important files.
Distribution MethodVia spam mail from [email protected](dot)com
Detection toolDownload SpyHunter, to See If Your System Has Been Affected By CTBLocker from Windows 10 Fake Upgrade

Source: blogs.cisco.com/talos

Source: blogs.cisco.com/talos

As of July 29th Microsft has begun their biggest upgrade so far in their history – the one for Windows 10. Along with this upgrade, concerns have been raised over spoof emails from an email by the name of [email protected](dot)com, confirm cisco researchers from Talos Group. Marcin ‘Icewall’ Noga, a security research engineer from Talos group has confirmed that a message, prompting the user to upgrade to windows 10, along with an attached .zip archive from it carried out a malicious payload. The files in the .zip were actually part of a ransomware virus, called CTB-Locker. Ransomware encrypts important files and documents of on the victim PC, demanding to contact the attackers for ransom.

Windows 10 Free Upgrade Description

The spam message originating from the abovementioned mail had an IP address originating from Thailand. It is a common trend for cyber criminals to take advantage of events such as new software coming out or anything similar to that in order to initiate global spam campaigns. Combine that with the increased ransomware attacks and this is the perfect get-rich-quick scheme. Fortunately there are several ways to protect oneself from ransomware.

The ransomware CTB Locker which is connected with this specific threat, is a file-encrypting software which does not leave any decryption codes after encrypting the victim’s files. More so, attackers demand users to contact them on their terms, via browsers who are anonymous and proxies which cannot allow them to be traced back and arrested. CTB Locker may be detected on all versions of Windows, varying from XP to 10. It is also reported to affect the svchost.exe Windows processes.

Source: blogs.cisco.com/talos

Source: blogs.cisco.com/talos

Unlike most ransomware viruses that use RSA encryption, CTB Locker is reported to employ elliptical curve type of encryption which serves the same purpose, but has different algorhithm. CTB Locker is reported to give most users a deadline of 96 hours in order to pay the ransom which is very short in comparison to other ransowmare malware. Also reports estimate around 100 network streams to different online locations worldwide, which suggests that this may be an organized attack.

Windows 10 Fake Upgrade Protection

Security engineers recommend that you back up your files immediately in order to be able to restore them. In order to protect yourself from CTBLocker from Windows 10 Fake Upgrade (For Windows Users) please follow these simple instructions:
For Windows 7 and earlier:
1-Click on Windows Start Menu
backup-1
2-Type Backup And Restore
3-Open it and click on Set Up Backup
w7-backup3
4-A window will appear asking you where to set up backup. You should have a flash drive or an external hard drive. Mark it by clicking on it with your mouse then click on Next.
backup-3
5-On the next window, the system will ask you what do you want to backup. Choose the ‘Let Me Choose’ option and then click on Next.
backup-4
6-Click on ‘Save settings and run backup’ on the next window in order to protect your files from possible attacks by CTBLocker from Windows 10 Fake Upgrade.
backup-5
For Windows 8, 8.1 and 10:
1-Press Windows button + R
filehistory-1
2-In the window type ‘filehistory’ and press Enter
filehistory-2
3-A File History window will appear. Click on ‘Configure file history settings’
filehistory-3
4-The configuration menu for File History will appear. Click on ‘Turn On’. After its on, click on Select Drive in order to select the backup drive. It is recommended to choose an external HDD, SSD or a USB stick whose memory capacity is corresponding to the size of the files you want to backup.
filehistory-4
5-Select the drive then click on ‘Ok’ in order to set up file backup and protect yourself from CTBLocker from Windows 10 Fake Upgrade.
Enabling Windows Defense Feature:
1- Press Windows button + R keys.
sysdm
2- A run windows should appear. In it type ‘sysdm.cpl’ and then click on Run.
windows-defense2
3- A System Properties windows should appear. In it choose System Protection.
windows-defense3
5- Click on Turn on system protection and select the size on the hard disk you want to utilize for system protection.
6- Click on Ok and you should see an indication in Protection settings that the protection from CTBLocker from Windows 10 Fake Upgrade is on.
windows-defense1
Restoring a file via Windows Defense feature:
1-Right-click on the encrypted file, then choose Properties.
file-restore1
2-Click on the Previous Versions tab and then mark the last version of the file.
file-restore2
3-Click on Apply and Ok and the file encrypted by CTBLocker from Windows 10 Fake Upgrade should be restored.

Windows 10 Free Upgrade Removal

The best protection against such vile threat to your computer still remains to be downloading and installing advanced anti-malware protection program. It will detect and remove any files and registry entries out of the ordinary from an infected machine.

donload_now_250
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter

Berta Bilbao

Berta is the Editor-in-Chief of SensorsTechForum. She is a dedicated malware researcher, dreaming for a more secure cyber space.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.