Beware: Windows 10 update email is a ransomware trap

November 26, 2019

By Kim Komando

Windows updates are a complicated matter. They’re essential to keep your system safe from hackers and security bugs, but Microsoft doesn’t exactly have the best track record for stable updates. Click or tap here to see how the last Windows update broke several PCs.

Despite questionable quality, keeping your system up to date is critical for security and privacy. Even when Windows updates are bad, we at Komando.com still recommend keeping your PC as current as possible — unless the glitches are bad enough to require a roll-back.

But be warned: Hackers and scammers exploit updates. In fact, a new spam email is making the rounds and the file inside contains ransomware. If you get a Windows 10 update email in your inbox, ignore it at all costs.

Windows update email acts like a Trojan Horse to your PC…

According to new reports from Tom’s Guide, a spam email circulating globally contains a tricky form of malware disguised as a Windows 10 update. This scam was first discovered by security researchers at Trustwave, who identified the email attachment as the infamous “Cyborg” ransomware.

When installed, this program locks your computer’s files and demands a ransom in the form of bitcoin to remove it.

Microsoft routinely releasing patches and updates for Windows 10, so an alert featuring another update might sound legitimate to casual users. The thing is, Microsoft doesn’t announce its updates via email. Hackers bank on users’ lack of knowledge to take advantage.

RELATED: Click or tap here to see if it’s worth updating from Windows 7 to Windows 10.

If you get the malicious email, which features subject lines like “Install Latest Microsoft Update now!” or “Critical Microsoft Windows Update!”, you should delete it immediately. Don’t even open it.

As previously stated, Microsoft never announces updates or provides download links through email. If that’s not enough to prove the message is a scam, take a look at the attached ransomware file, which doesn’t even disguise itself as an installer and looks like a .jpg image.

…an empty Trojan Horse

This .jpg format hilariously reveals the entire scheme. Based on further research from Bleeping Computer, experts have deemed this ransomware scam to be more of a dud than a threat. Disguising ransomware as a .jpg is a good way to hide its true nature — but it also renders the program completely useless.

By disguising ransomware as a .jpg, the hackers essentially broke their own software. To harm your computer, you’d need to change the filetype and run it as a program or command. Nobody would willingly do this.

Analysts speculate this particular scheme is a botched cyberattack scam with origins in Russia, and may be the work of an amateur. Whoever is behind it, they shot themselves in the foot trying to infect people’s computers with the sneaky file.

That said, it’s still worth deleting the email if it comes your way. No good can come of opening messages from unknown senders, and it’s wise to apply this logic to all emails you receive. After all, a skeptical mind is the key to a safe online experience.