More threads by David Baxter PhD

David Baxter PhD

Late Founder
'Windows Update' by Email is Actually Ransomware
by John Lister,
November 21, 2019

A bogus "Windows Update" distributed by email is, perhaps unsurprisingly, actually ransomware. It shouldn't fool most users but makes it a good time to remind less tech-savvy PC owners of the need to take necessary precautions.

The unsolicited emails have a subject line of either "Critical Microsoft Windows Update!" or "Install Latest Microsoft Windows Update now!" Those who open the email will then see a message that says (complete with opening typo) "PLease install the latest critical update from Microsoft attached to this email." (Source:

$500 Ransom Demand
It seems a safe bet the scammers are deliberately trying to weed out the least tech-confident Windows users as easy marks.

The hope is that users will open the attachment that supposedly delivers the update. Despite posing as a jpg file (possible to evade unsophisticated security software) it's actually a Trojan which then downloads and installs ransomware from a remote server.
Once installed, the ransomware encrypts all files except for a text file that appears as a ransom note on the desktop, which asks for the equivalent $500 USD to regain access to the files. It's not clear yet whether paying up has any effect.

One major limitation to the scam is that the payment must be made in bitcoin, which is usually not easy to set up initially. It's tough to imagine there being too many people who think Windows Updates could come by email, but know how to pay in cryptocurrency.

Ransomware On The Up
The scam comes in the same week a security company reported ransomware was both the biggest and fastest growing security threat, with reported cases up by 74.2 percent on last year. That appears to be mainly because of two factors. (Source:

Firstly, ransomware "kits" are readily available, which makes it among the most viable methods for attackers who don't have the highest-level of tech ability themselves. Secondly, it's a method that's particularly attractive to criminals motivated by quick cash rather than causing disruption or trying to access confidential data.
Replying is not possible. This forum is only available as an archive.