New ‘Big Head’ ransomware displays fake Windows update alert
2023-07-08 14:23

Security researchers have dissected a recently emerged ransomware strain named 'Big Head' that may be spreading through malvertising that promotes fake Windows updates and Microsoft Word installers.

'Big Head' ransomware is a .NET binary that installs three AES-encrypted files on the target system: one is used to propagate the malware, another is for Telegram bot communication, and the third encrypts files and can also show the user a fake Windows update.

Big Head will terminate the following processes to prevent tampering with the encryption process and to free up data that the malware should lock.

During the encryption, the ransomware displays a screen that purports to be a legitimate Windows update.

Trend Micro also analyzed two more Big Head variants, highlighting some key differences compared to the standard version of the ransomware.

Trend Micro comments that Big Head is not a sophisticated ransomware strain, its encryption methods are pretty standard, and its evasion techniques are easy to detect.


News URL

https://www.bleepingcomputer.com/news/security/new-big-head-ransomware-displays-fake-windows-update-alert/