Beware of Big Head Ransomware: Spreading Through Fake Windows Updates

A developing ransomware called Big Head is being distributed as part of a malvertising campaign that takes the form of bogus Microsoft Windows updates and Word installers. Big Head was first documented by Fortinet FortiGuard Labs last month when it discovered multiple variants of the ransomware that are designed to encrypt files on victims' machines in exchange for a cryptocurrency payment. "One Big Head ransomware variant displays a fake Windows Update, potentially indicating that the ransomware was also distributed as a fake Windows Update," Fortinet researchers said. "One of the variants has a Microsoft Word icon and was likely distributed as counterfeit software." Most of the Big Head samples have been submitted from the U.S., Spain, France, and Turkey. In a new analysis of the .NET-based ransomware, Trend Micro detailed its inner workings, calling out its ability to deploy three encrypted binaries: 1.exe to propagate the malware, archive.exe to facili...