
Beware of 'Big Head' Ransomware: Fake Windows Update Alert Threatens Data
Security researchers have analyzed a new ransomware strain called 'Big Head' that is believed to be spreading through malvertising campaigns promoting fake Windows updates and Microsoft Word installers. The ransomware, written in .NET, installs encrypted files on the target system that are used for propagation, Telegram bot communication, and file encryption. It also displays a fake Windows update screen while the encryption is in progress. Multiple variants of Big Head have been identified, with some incorporating data-stealing capabilities and file infection techniques. While not highly sophisticated, the ransomware targets consumers who may be easily tricked or lack cybersecurity awareness. The main author of Big Head is suspected to be of Indonesian origin, according to cyber-intelligence firm KELA.