Beware of Big Head Ransomware: Spreading Through Fake Windows Updates
2023-07-11 08:45

A developing piece of ransomware called Big Head is being distributed as part of a malvertising campaign that takes the form of bogus Microsoft Windows updates and Word installers.

Big Head was first documented by Fortinet FortiGuard Labs last month, when it discovered multiple variants of the ransomware that are designed to encrypt files on victims' machines in exchange for a cryptocurrency payment.

"One Big Head ransomware variant displays a fake Windows Update, potentially indicating that the ransomware was also distributed as a fake Windows Update," Fortinet researchers said at the time.

Big Head is no different from other ransomware families in that it deletes backups, terminates several processes, and performs checks to determine if it's running within a virtualized environment before proceeding to encrypt the files.

Trend Micro said it detected a second Big Head artifact with both ransomware and stealer behaviors, the latter of which leverages the open-source WorldWind Stealer to harvest web browser history, directory lists, running processes, product key, and networks.

"Incorporating Neshta into the ransomware deployment can also serve as a camouflage technique for the final Big Head ransomware payload," Trend Micro researchers said.


News URL

https://thehackernews.com/2023/07/beware-of-big-head-ransomware-spreading.html