Ransomware masquerading as an upgrade to Windows 10 has been affecting Australian businesses and consumers.
According to the federal government’s Stay Smart Online service, the ransomware is delivered in an email claiming to be from Microsoft offering a free upgrade to Windows 10.
The spam contains a .zip file attachment, which contains a program labelled as the Windows 10 installer. When run, the program will encrypt important files, including Word documents and photos on the computer.
Windows 7, 8 and 8.1 users should have a Windows 10 icon on their taskbar that they are able to click to determine if their system is compatible and reserve their copy of the free upgrade.
Users that do not have this icon are advised to register at Microsoft’s official website. Under no circumstances will Microsoft send an email with the free upgrade offer.
Security researchers at Cisco provided detailed technical information on the attack on the company’s blog, along with a video showing the consequences of running the ransomware program.
The Federal government is advising business users to check upgrades with IT departments instead of attempting to perform upgrades themselves.
Businesses are also advised to stay vigilant in protecting existing computer systems, ensuring that critical data is backed up in case an attack occurs. Encrypted data could then be recovered from backup copies.
Unlike previous ransomware campaigns, the current Windows 10 attack does not use exploits, and relies instead on the user being deceived into running the malware.
As always, Stay Smart Online does not recommend infected users pay the ransom under any circumstances as the attacker would then be able to encrypt files a second time.