Fake Windows Updates Are Being Used to Distribute Ransomware: Here’s What You Can Do About It
Do Son 
Image Source: Unsplash
For some users, it can feel like a constant stream of fake Windows updates is flooding their systems. Weβre constantly being told to download and install security updates because they prevent the software vulnerabilities that allow hackers to take over our machines. However, a new breed of malware is using these fake Windows updates as a distribution method to spread itself.
These so-called βransomwareβ attacks leverage the update process as a way for the criminals who created the malware. They spread themselves throughout an environment and demand payment in exchange for decryption keys that will allow them access to user data.
Thankfully, there are several ways you can identify whether or not your system is compromised by ransomwareβand what you can do about it.
Batch File Removal Tool
One of the first things you should do when you think youβve been hit by ransomware is to check the status of the .bat file. You’re likely safe if itβs not thereβbut if it’s there, it can be a sign that ransomware has infected your computer.
Therefore, the first step in fighting against ransomware is removing the malicious .bat file. If this action frees up some space on your computer, great; if not, youβre still in danger, as the malware will now have access to the systemβs registry, which it can then modify to its liking.
Identify Legitimate Software Downloads
It can be difficult to differentiate between legitimate and malicious software when installing it. As time passes and you become more familiar with computers, youβll be able to identify more malware by looking for signs that itβs not from an official source. Malware authors try to ride the coat-tails of legitimate software updates to spread malware more rapidly.
Check the βPublisherβ section of any software update for Windows Update to see if itβs from an official source. If it is, then you can rest a little bit easier since you know itβs not a malicious program. However, in many cases, itβs not apparent which updates are from official sources and which ones arenβt.
Use Security Updates to Keep Your System Safe
If you see a software update that you think is either legitimate or nefarious, you should follow these steps to keep your system secure:
- Verify the update is legitimate: You can do this by looking for updates based on official firmware (i.e. itβs a standard update).
- Verify the update has a valid level of security: This is often done by comparing the update to an established standard for software updates. If the update doesnβt meet these criteria, itβs likely malicious.
- Keep the operating system updated: No matter what you do, you cannot stop Windows from updating itself. You should therefore keep your operating system current by following the instructions found on the Windows Update website.
Be Cautious About the Email Attachments You Open
One of the first signs that something isnβt right when you open an attachment from an email is when the program responsible for opening the fileβusually Windowsβqueries the fileβs integrity. This is because the operating system tries to ensure that the file you opened is intact and not malicious. You should still proceed cautiously if it indicates that the file is good to go.
Preventing Ransomware Attacks in Your Organization
Depending on how you handle these attacks and distribute updates, you can help propagate these attacks within your organization. Malware developers are constantly coming up with new ways to spread their malware.
Some of these attacks are more sophisticated than others and use tools like social engineering to try and trick people into running malicious code.
You can protect your organization from these attacks by using a tabletop exercise. The purpose of tabletop exercise is to help organizations identify any gaps in their incident response plans and make necessary changes.
A tabletop exercise is a simulated cybersecurity incident used to test an organization’s incident response plan. The goal of a tabletop exercise is to walk through the steps of the incident response plan and identify any gaps or weaknesses.
Ransomware is a serious and growing issue that poses a significant risk to the integrity of computers and their data.
These attacks are rising, and you must be careful what programs you install and where you get your software from. Make sure youβre using the suitable update method and have a backup strategy in place in case something goes wrong.