Watch out - that Windows update could actually just be ransomware

Fortinet screenshot of Big Head fake Windows Update ransomware attack
(Image credit: Fortinet)

Cybersecurity company Fortinet has identified a new money extortion scam disguised as a Windows update page, urging users of the most popular desktop OS to be vigilant.

The attack, which researchers at the company’s FortiGuard Labs division say is considered to be of high severity, encrypts files on the compromised machine. In exchange for their files back, the attacker demands ransom.

The ransomware variant, which is known as Big Head, is believed to have been launched in May 2023. An estimated three current variants are all designed to encrypt files on victims’ machines to extort money.

Windows update ransomware attack

FortiGuard Labs says “there is no indication that Big Head is widespread,” but given that it’s just a few weeks old at this point, predicting how quickly it could spread is difficult.

So far, analysts have observed two variants at play. The first displays a fake Windows Update screen that reads “Configuring critical Windows Updates.” Once it disappears from the screen after around 30 seconds, it will have already encrypted users’ files “with names randomly altered.”

A handful of “README” files have been seen to carry email addresses, Telegram account details, and even a Bitcoin address, all of which designed to collect money from victims under the promise of file decryption.

The second version uses a different method which, for the end user, will result in the attacker changing the desktop wallpaper for a ransom note demanding one Bitcoin (currently around $30,000).

Big Head ransomware currently appears to be targeting US consumers, though some other attacks by the same group have also been observed in Spain, France, and Turkey.

FortiGuard concludes that, because the majority of ransomware is typically delivered via phishing scams, some simple cybersecurity protection knowledge and hygiene could prevent them.

Data backup frequency, location, and security all need to be considered as ransomware attacks become both more common and more advanced.

Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!