Big Head Ransomware: Fake Windows Updates Pose Serious Threat
Originally Published 2 years ago — by The Hacker News
A new ransomware called Big Head is being distributed through a malvertising campaign disguised as fake Microsoft Windows updates and Word installers. The ransomware encrypts files on victims' machines and demands a cryptocurrency payment. Trend Micro has analyzed the ransomware and identified its inner workings, including its ability to display a fake Windows update UI to deceive victims. The malware also deletes backups, terminates processes, and checks for virtualized environments. It disables the Task Manager, aborts itself in certain languages, and incorporates a self-delete function. Trend Micro has detected a variant of Big Head with stealer behaviors and another variant that incorporates a file infector called Neshta. The identity of the threat actor behind Big Head is currently unknown.