Cisco Security’s Talos researchers discovered a new scam email, involving what’s known as ransomware, going around that offers to upgrade computer users to Windows 10 for free. While Microsoft is upgrading Windows users for free, the company is only sending notifications to users via their desktops, and is not emailing anyone. If you see an email along those lines from someone purporting to be Microsoft, delete it immediately.
Those that do download the “upgrade” from the email will instead find their computers taken over by ne’er-do-wells who will demand to be paid, likely with Bitcoin, as it’s untraceable.
A wait process for the real Windows 10 might make some users impatient, and therefore, vulnerable, Talos points out.
“This threat actor is impersonating Microsoft in an attempt to exploit their user base for monetary gain,” Talos’ report says. “The fact that users have to virtually wait in line to receive this update, makes them even more likely to fall victim to this campaign.”
Talos advises people to back up their data, and keep copies of those backups offline, where they’re safe from attackers. And again, if you receive an email that seems like maybe it could be from Microsoft offering a Windows 10 upgrade, just delete it.
Your Files Are Encrypted with a “Windows 10 Upgrade” [Cisco blog]