Trustwave warns of Cyborg ransomware spread through fake Windows Update

Security firm Trustwave recently discovered new traces of malicious programs that spread by email and pose as a Windows Update in order to infect devices with the Cyborg ransomware. This is a very typical method of attack: the first email sent to potential targets may include a fake Windows update. The update appears to use a JPG file extension, but the file is actually an executable; once started, it downloads a further payload from GitHub.


Trustwave wrote:

Bitcoingenerator.exe is downloaded from the GitHub account misterbtc2020. The account was active for a few days during our investigation, but has now been removed. The file is contained in its btcgenerator repository. Like the attachment, it is compiled .NET malware: the Cyborg ransomware.

Once the ransomware infects a device, the user's files are encrypted and renamed with the "777" extension. At this point the files are locked, and the ransomware leaves a text document on the desktop with instructions for the victim on how to obtain the decryption key.

Needless to say, the easiest way to protect yourself is to avoid opening suspicious email attachments and downloads. Up-to-date security software can also help detect infected files and prevent ransomware from infecting your device.
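A mail filter can catch the disguise described above by comparing each attachment's extension with its actual content. The following Python sketch is an added example, not code from Trustwave or the original article; the function names are hypothetical and the sample message and file names are constructed.

```python
import struct
from email import message_from_bytes
from email.message import EmailMessage

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def flag_disguised_executables(raw_email: bytes) -> list[str]:
    """Return names of attachments with an image extension that are really PE files."""
    msg = message_from_bytes(raw_email)
    flagged = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # message body or multipart container, not an attachment
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        payload = part.get_payload(decode=True) or b""
        if ext in IMAGE_EXTS and is_pe(payload):
            flagged.append(name)
    return flagged

def build_sample_email() -> bytes:
    """Constructed sample: a minimal PE-shaped stub named .jpg plus a genuine JPEG header."""
    pe_stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 20
    jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\0" * 32
    msg = EmailMessage()
    msg["Subject"] = "constructed test message"
    msg.set_content("body")
    msg.add_attachment(pe_stub, maintype="image", subtype="jpeg", filename="update.jpg")
    msg.add_attachment(jpeg, maintype="image", subtype="jpeg", filename="photo.jpg")
    return msg.as_bytes()

if __name__ == "__main__":
    print(flag_disguised_executables(build_sample_email()))
```

The check relies on file content rather than the declared MIME type or extension, both of which the sender controls.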


Origin www.linuxidc.com/Linux/2019-11/161461.htm