Windows 10 and Windows 11 users, pay close attention: an extortion scam disguises itself as a Windows Update. Big Head ransomware targets users by encrypting their files and demanding a ransom. Fortinet warns of this new threat.

Big Head, a new Windows ransomware © SquadDigital

Pay close attention: cybersecurity company Fortinet has identified a new scam out to extort your money. This ransomware disguises itself as a Windows Update page, and users of the world’s most popular desktop operating system are urged to be vigilant. All recent versions of Windows are affected, but especially Windows 10 and Windows 11.

A ransomware attack disguised as a Windows Update

The attack, rated high severity by researchers at the company’s FortiGuard Labs division, encrypts files on the compromised machine. In exchange for the return of their files, the attacker demands a ransom.

The ransomware variant, known as Big Head, was reportedly launched in May 2023. It is believed that the three current variants are all designed to encrypt files on victims’ machines in order to extort money. The method is reminiscent of a ransomware that was already rampant on Windows 10 in 2019.

FortiGuard Labs claims that Big Head is only a few weeks old. It is difficult at this stage to predict how quickly it could spread. So far, however, analysts have observed two variants in action.

Big Head, a ransomware deployed in several equally destructive variants

The first displays a fake Windows Update screen saying “Configuring Critical Windows Updates”. By the time it disappears from the screen after about 30 seconds, it will have already encrypted the user’s files and randomly changed their names.

A few README files have been spotted containing email addresses, Telegram account details and even a Bitcoin address, all designed to collect money from victims in exchange for the promise to decrypt the files.


Big Head ransomware in action © Fortinet

The second version uses a different method; for the end user, the result is a desktop wallpaper changed to a ransom note demanding Bitcoin, currently worth around $30,000.

Big Head ransomware is currently targeting France, as well as the United States, Spain and Turkey. FortiGuard concludes that since the majority of ransomware is typically distributed via phishing, basic knowledge of cybersecurity protection and simple hygiene could help prevent it.

Source: Fortinet

