Fake Windows Updates Are Being Used to Distribute Ransomware: Here’s What You Can Do About It

Image Source: Unsplash

For some users, it can feel like a constant stream of fake Windows updates is flooding their systems. We’re constantly being told to download and install security updates because they prevent the software vulnerabilities that allow hackers to take over our machines. However, a new breed of malware is using these fake Windows updates as a distribution method to spread itself.

These so-called “ransomware” attacks leverage the update process as a way for the criminals who created the malware to spread it throughout an environment and demand payment in exchange for decryption keys that will restore access to user data.

Thankfully, there are several ways you can identify whether or not your system is compromised by ransomware—and what you can do about it.

Batch File Removal Tool

One of the first things you should do when you think you’ve been hit by ransomware is to check the status of the .bat file. You’re likely safe if it’s not there—but if it’s there, it can be a sign that ransomware has infected your computer.

Therefore, the first step in fighting against ransomware is removing the malicious .bat file. If this action frees up some space on your computer, great; if not, you’re still in danger, as the malware will now have access to the system’s registry, which it can then modify to its liking.

Identify Legitimate Software Downloads

It can be difficult to differentiate between legitimate and malicious software when installing it. As time passes and you become more familiar with computers, you’ll be able to identify more malware by looking for signs that it’s not from an official source. Malware authors try to ride the coat-tails of legitimate software updates to spread malware more rapidly.

Check the “Publisher” field of any software update that claims to come from Windows Update to see whether it’s from an official source. If it is, you can rest a little easier, since you know it’s not a malicious program. However, in many cases, it’s not apparent which updates are from official sources and which ones aren’t.
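
One way to run the publisher check described above against downloaded files, using PowerShell’s built-in `Get-AuthenticodeSignature`. This is an added example, not part of the original article; the scan folder and the expected publisher string are assumptions.

```powershell
# Added example: report the Authenticode publisher of downloaded "update" files.
# Assumptions: $Path (folder to scan) and $ExpectedPublisher are illustrative values.
param(
    [string]$Path = "$env:USERPROFILE\Downloads",
    [string]$ExpectedPublisher = 'O=Microsoft Corporation'
)

function Test-UpdatePublisher {
    param(
        [Parameter(Mandatory)][string]$FilePath,
        [Parameter(Mandatory)][string]$ExpectedPublisher
    )
    $sig = Get-AuthenticodeSignature -FilePath $FilePath
    # Unsigned files have no signer certificate, so the subject stays empty.
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # 'Valid' means the file hash matches the signature and the certificate
    # chains to a root this machine trusts. Any other status is a failure.
    $verdict = if ($sig.Status -ne 'Valid') {
        "FAIL ($($sig.Status))"
    } elseif ($subject -notlike "*$ExpectedPublisher*") {
        'FAIL (signed, but by a different publisher)'
    } else {
        'OK'
    }

    [pscustomobject]@{
        File      = Split-Path $FilePath -Leaf
        Verdict   = $verdict
        Publisher = $subject
        SHA256    = (Get-FileHash -Path $FilePath -Algorithm SHA256).Hash
    }
}

# Check installer-type files only; adjust the extensions to what you download.
Get-ChildItem -Path $Path -File -Include *.exe, *.msi, *.msu, *.cab -Recurse |
    ForEach-Object { Test-UpdatePublisher -FilePath $_.FullName -ExpectedPublisher $ExpectedPublisher } |
    Sort-Object Verdict |
    Format-Table -AutoSize -Wrap
```

A “different publisher” result only means the file is not signed by Microsoft; a file that presents itself as a Windows update but is unsigned or fails validation deserves the most suspicion.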

Use Security Updates to Keep Your System Safe

If you see a software update and aren’t sure whether it is legitimate or nefarious, you should follow these steps to keep your system secure:

  • Verify the update is legitimate: You can do this by looking for updates based on official firmware (i.e. it’s a standard update).
  • Verify the update has a valid level of security: This is often done by comparing the update to an established standard for software updates. If the update doesn’t meet these criteria, it’s likely malicious.
  • Keep the operating system updated: No matter what you do, you cannot stop Windows from updating itself. You should therefore keep your operating system current by following the instructions found on the Windows Update website.

Be Cautious About the Email Attachments You Open

One of the first signs that something isn’t right when you open an attachment from an email is when the program responsible for opening the file (usually Windows) queries the file’s integrity. This is because the operating system tries to ensure that the file you opened is intact and not malicious. You should still proceed cautiously even if it indicates that the file is good to go.

Preventing Ransomware Attacks in Your Organization

Depending on how you handle these attacks and distribute updates, you can inadvertently help propagate these attacks within your organization. Malware developers are constantly coming up with new ways to spread their malware.

Some of these attacks are more sophisticated than others and use tools like social engineering to try and trick people into running malicious code.

You can protect your organization from these attacks by using a tabletop exercise. The purpose of a tabletop exercise is to help organizations identify any gaps in their incident response plans and make necessary changes.

A tabletop exercise is a simulated cybersecurity incident used to test an organization’s incident response plan. The goal of a tabletop exercise is to walk through the steps of the incident response plan and identify any gaps or weaknesses.

Ransomware is a serious and growing issue that poses a significant risk to the integrity of computers and their data.

These attacks are on the rise, and you must be careful about which programs you install and where you get your software from. Make sure you’re using a suitable update method and have a backup strategy in place in case something goes wrong.