New virus hides under Windows Update, locks the computer and demands a ransom

July 12, 2023  20:11

Information security specialists from Trend Micro and Fortinet have discovered a new virus called Big Heat. After penetrating a computer, it encrypts all the files and extorts money from users, Bleeping Computer reported.

Big Heat spreads online disguised as a Windows update and a Microsoft Word installation. When the infected file is activated, an animation that imitates the Windows update process appears on the screen, after which the user is notified that the computer is encrypted and that, to save the system, they must contact the hackers by e-mail or Telegram. There, the criminals ask users to transfer the ransom to their account in cryptocurrency.

Trend Micro specialists noted that Big Heat checks the language of the system before doing its dirty work. The virus does not work if Russian or any other language of the CIS region is selected in the settings.

First, the malware deletes all available copies of Windows so that the user cannot restore the operating system without paying a ransom. During encryption, Big Heat does not damage files in the Recycle Bin, Program Files, Temp, Program Data, Microsoft and App Data directories, so as not to disrupt Windows performance afterwards.

Trend Micro experts found three variants of Big Heat; they say none of them is sophisticated and all target ordinary PC users. All of the variants are believed to have a single operator. KELA's investigation has shown that the attack is coming from Indonesia.

Earlier, NEWS.am Tech wrote that a new type of malicious program called ShadowVault was discovered, designed specifically to steal confidential data from computers running macOS. In particular, the new virus steals Telegram accounts and bank data.


 
 
 
 