| Name | CTBLocker from Windows 10 Fake Upgrade |
| Type | Spam Email, CTB Locker ransomware |
| Short Description | After infection encrypts files important for the user, demanding ransom in bitcoin currency or any other currency paid online. May not restore files after. |
| Symptoms | Screen message, Corrupted error message when trying to open important files. |
| Distribution Method | Via spam mail from [email protected](dot)com |
| Detection tool | Download SpyHunter, to See If Your System Has Been Affected By CTBLocker from Windows 10 Fake Upgrade |
Source: blogs.cisco.com/talos
As of July 29th Microsft has begun their biggest upgrade so far in their history – the one for Windows 10. Along with this upgrade, concerns have been raised over spoof emails from an email by the name of [email protected](dot)com, confirm cisco researchers from Talos Group. Marcin ‘Icewall’ Noga, a security research engineer from Talos group has confirmed that a message, prompting the user to upgrade to windows 10, along with an attached .zip archive from it carried out a malicious payload. The files in the .zip were actually part of a ransomware virus, called CTB-Locker. Ransomware encrypts important files and documents of on the victim PC, demanding to contact the attackers for ransom.
Windows 10 Free Upgrade Description
The spam message originating from the abovementioned mail had an IP address originating from Thailand. It is a common trend for cyber criminals to take advantage of events such as new software coming out or anything similar to that in order to initiate global spam campaigns. Combine that with the increased ransomware attacks and this is the perfect get-rich-quick scheme. Fortunately there are several ways to protect oneself from ransomware.
The ransomware CTB Locker which is connected with this specific threat, is a file-encrypting software which does not leave any decryption codes after encrypting the victim’s files. More so, attackers demand users to contact them on their terms, via browsers who are anonymous and proxies which cannot allow them to be traced back and arrested. CTB Locker may be detected on all versions of Windows, varying from XP to 10. It is also reported to affect the svchost.exe Windows processes.
Source: blogs.cisco.com/talos
Unlike most ransomware viruses that use RSA encryption, CTB Locker is reported to employ elliptical curve type of encryption which serves the same purpose, but has different algorhithm. CTB Locker is reported to give most users a deadline of 96 hours in order to pay the ransom which is very short in comparison to other ransowmare malware. Also reports estimate around 100 network streams to different online locations worldwide, which suggests that this may be an organized attack.
Windows 10 Fake Upgrade Protection
Security engineers recommend that you back up your files immediately in order to be able to restore them. In order to protect yourself from CTBLocker from Windows 10 Fake Upgrade (For Windows Users) please follow these simple instructions:
For Windows 7 and earlier:
1-Click on Windows Start Menu
2-Type Backup And Restore
3-Open it and click on Set Up Backup
4-A window will appear asking you where to set up backup. You should have a flash drive or an external hard drive. Mark it by clicking on it with your mouse then click on Next.
5-On the next window, the system will ask you what do you want to backup. Choose the ‘Let Me Choose’ option and then click on Next.
6-Click on ‘Save settings and run backup’ on the next window in order to protect your files from possible attacks by CTBLocker from Windows 10 Fake Upgrade.
For Windows 8, 8.1 and 10:
1-Press Windows button + R
2-In the window type ‘filehistory’ and press Enter
3-A File History window will appear. Click on ‘Configure file history settings’
4-The configuration menu for File History will appear. Click on ‘Turn On’. After its on, click on Select Drive in order to select the backup drive. It is recommended to choose an external HDD, SSD or a USB stick whose memory capacity is corresponding to the size of the files you want to backup.
5-Select the drive then click on ‘Ok’ in order to set up file backup and protect yourself from CTBLocker from Windows 10 Fake Upgrade.
Enabling Windows Defense Feature:
1- Press Windows button + R keys.
2- A run windows should appear. In it type ‘sysdm.cpl’ and then click on Run.
3- A System Properties windows should appear. In it choose System Protection.
5- Click on Turn on system protection and select the size on the hard disk you want to utilize for system protection.
6- Click on Ok and you should see an indication in Protection settings that the protection from CTBLocker from Windows 10 Fake Upgrade is on.
Restoring a file via Windows Defense feature:
1-Right-click on the encrypted file, then choose Properties.
2-Click on the Previous Versions tab and then mark the last version of the file.
3-Click on Apply and Ok and the file encrypted by CTBLocker from Windows 10 Fake Upgrade should be restored.
Windows 10 Free Upgrade Removal
The best protection against such vile threat to your computer still remains to be downloading and installing advanced anti-malware protection program. It will detect and remove any files and registry entries out of the ordinary from an infected machine.
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter
