Security News > 2023 > July > New ‘Big Head’ ransomware displays fake Windows update alert
Security researchers have dissected a recently emerged ransomware strain named 'Big Head' that may be spreading through malvertising that promotes fake Windows updates and Microsoft Word installers.
'Big Head' ransomware is a.NET binary that installs three AES-encrypted files on the target system: one is used to propagate the malware, another is for Telegram bot communication, and the third encrypts files and can also show the user a fake Windows update.
Big Head will terminate the following processes to prevent tampering with the encryption process and to free up data that the malware should lock.
During the encryption, the ransomware displays a screen that purports to be a legitimate Windows update.
Trend Micro also analyzed two more Big Head variants, highlighting some key differences compared to the standard version of the ransomware.
Trend Micro comments that Big Head is not a sophisticated ransomware strain, its encryption methods are pretty standard, and its evasion techniques are easy to detect.
News URL
Related news
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’ (source)
- Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization (source)
- Play ransomware exploited Windows logging flaw in zero-day attacks (source)