Security News > 2023 > July > Beware of Big Head Ransomware: Spreading Through Fake Windows Updates
A developing piece of ransomware called Big Head is being distributed as part of a malvertising campaign that takes the form of bogus Microsoft Windows updates and Word installers.
Big Head was first documented by Fortinet FortiGuard Labs last month, when it discovered multiple variants of the ransomware that are designed to encrypt files on victims' machines in exchange for a cryptocurrency payment.
"One Big Head ransomware variant displays a fake Windows Update, potentially indicating that the ransomware was also distributed as a fake Windows Update," Fortinet researchers said at the time.
Big Head is no different from other ransomware families in that it deletes backups, terminates several processes, and performs checks to determine if it's running within a virtualized environment before proceeding to encrypt the files.
Trend Micro said it detected a second Big Head artifact with both ransomware and stealer behaviors, the latter of which leverages the open-source WorldWind Stealer to harvest web browser history, directory lists, running processes, product key, and networks.
"Incorporating Neshta into the ransomware deployment can also serve as a camouflage technique for the final Big Head ransomware payload," Trend Micro researchers said.
News URL
https://thehackernews.com/2023/07/beware-of-big-head-ransomware-spreading.html
Related news
- Windows Quick Assist abused in Black Basta ransomware attacks (source)
- Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising (source)
- Black Basta ransomware gang linked to Windows zero-day attacks (source)
- Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw (source)
- Ransomware crew may have exploited Windows make-me-admin bug as a zero-day (source)
- CISA warns of Windows bug exploited in ransomware attacks (source)