Ransomware disguised as Windows update

A new ransomware that is disguising itself as Windows Updates, or a Word update, is trying to trick users into installing it.

Reddit to the rescue

You may or may not use Reddit but if you do, you’re probably aware that there are a lot of communities, some specifically geared towards computer help.  For example, r/computerhelp has over 20,000 members and you can ask all kinds of questions and get educated answers back that can point you towards a solution.  Or, get your help from BBG – contact us today to find out how we can help!


by Kevin Wood

Don’t be fooled by the fake Windows Update virus!


Attackers are getting smarter and sneakier

You get a pop-up on your computer – remnants of a bygone era – that mentions an update for Windows, the operating system you rely on to do everything you do on your computer (unless you’re a Mac user, or use some variation of Unix or Linux).  The question is – will you fall for this trick or are you savvy enough to recognize a ruse when you see one? 

Hopefully your answer is the latter because a new virus, called “Big Head”, is in the wild, and it’s looking to encrypt all of your files and extort you for as much money as its operators can get.  Clicking on the alert will cause a series of events to launch:

  • Three executable files are deployed – one for spreading the malware, one for communicating via Telegram (presumably to check in) and one for encrypting files.
  • Any backups detected are deleted.
  • The ransomware virus scans for virtualized environments, in case it’s on a Hyper-V or VMware host.
  • Task Manager is disabled so the user cannot stop the process.
  • Files on the machine are encrypted and their file extensions are changed.
  • A ransom note is displayed on the screen alerting the user that their files have been encrypted and they must pay a “ransom” in order to get their files back.

As with most computer viruses, “Big Head” also attempts to copy itself to other computers.  The thinking is that the more you can encrypt, the better chance you have of getting payment.  While most everyday computer users won’t pay, or can’t afford to pay, the ransom, if the virus gets on the computer network of a company, there’s a much better chance of getting money.
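Two of the side effects listed above, Task Manager being disabled and backups being deleted, leave traces a user or help desk can check for without any special tools.  The following PowerShell script is an added example written for this article, not code from the original post or from any vendor; it assumes a Windows 10 or later machine and reads the documented DisableTaskMgr policy value and the Volume Shadow Copy list (the “previous versions” backups that ransomware commonly wipes).  It only reads, never changes anything.

```powershell
# Added example (not from the original article): read-only triage for two of
# the symptoms described above. Assumes Windows 10 or later.
# Note: listing shadow copies requires an elevated (Administrator) session;
# without it the list is empty even when copies exist, so we check first.

function Test-IsElevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-TaskManagerDisabled {
    # DisableTaskMgr = 1 under either Policies\System key greys out Task Manager.
    # Home users never set this themselves, so a value of 1 is a red flag.
    $paths = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    )
    foreach ($p in $paths) {
        $v = Get-ItemProperty -Path $p -Name DisableTaskMgr -ErrorAction SilentlyContinue
        if ($v -and $v.DisableTaskMgr -eq 1) { return $true }
    }
    return $false
}

function Get-ShadowCopyCount {
    # Win32_ShadowCopy enumerates the snapshots behind "Restore previous versions".
    $copies = Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue
    return @($copies).Count
}

$elevated       = Test-IsElevated
$taskMgrBlocked = Test-TaskManagerDisabled
$shadowCopies   = if ($elevated) { Get-ShadowCopyCount } else { 'unknown (run as Administrator)' }

Write-Host "Task Manager disabled by policy : $taskMgrBlocked"
Write-Host "Volume Shadow Copies present    : $shadowCopies"

if ($taskMgrBlocked -or ($elevated -and $shadowCopies -eq 0)) {
    Write-Warning 'At least one symptom matches. Disconnect the machine from the network and get help before doing anything else.'
} else {
    Write-Host 'No match for these two symptoms (this does not prove the machine is clean).'
}
```

A missing shadow copy list is not proof on its own, since some machines never had System Protection turned on, which is why the script reports both values rather than a single verdict.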

How to stay safe from viruses

As with anything you do on the computer, you should be cautious of what you do on the internet, especially when it comes to your personal information – or files.  Ransomware attackers know this and attempt to play on your caution.

Think before you click

Before you click on a link, or a pop-up, or open an attachment in an email, you should be thinking about whether or not that’s a good idea.  It may sound silly to be that cautious but, in the event of a virus like “Big Head”, if you see a pop-up alerting you that your system is out of date and needs to be fixed immediately and click it, you’ll end up causing a lot more agony and stress than if you had thought about it first.

This applies to emails and attachments as well.  When you receive an email from someone with attachments, or even links, in the email, you should be thinking about whether or not this is valid.  Were you expecting the file(s) from the person?  Were you expecting to receive an email with a link to open a file, or view a secure message? 

If the answer is no, or you’re unsure, it’s better to be cautious.  In the event of uncertainty, pick up the phone and call the person using a number you already have and ask them about this.  Do NOT email them – if their email is compromised, the attacker will be able to respond and trick you further.

Install anti-virus software

If you’re using a computer without anti-virus software of some sort, you’re risking being infected by any number of viruses or other malicious software, as well as direct attacks where attackers attempt to connect directly to your computer using known exploits.  Anti-virus software enables your computer to catch these before they run, protecting your computer.

The big caveat with this is that viruses can still get through when you click on them or install them.  Be careful of what you download, click on, install or open.  Make sure software is from trusted vendors and links or attachments are expected and from valid senders.

Stay up to date with Windows updates

Yes, this article is about a virus that imitates a Windows Update alert and installs malicious software.  That doesn’t mean you shouldn’t know how to check for Windows updates and make sure you’re installing them regularly.

On a modern Windows 10, or later, computer, the easiest way to check for Windows updates is to press the “Windows” key on your keyboard, or click the “Start” button at the bottom left of your screen.  Next, just start typing the word “update” – this searches your computer for files or programs with the word update in their name.  You’ll see “Check for updates” on the screen – you can hit the enter key on your keyboard or use your mouse pointer to click on it.

Once in, you can check for updates, install updates or review updates that have been installed and need you to reboot.  There are genuine pop-up notifications for Windows updates, but most of the time they appear briefly and disappear before you can act on them.  That’s OK, just use the instructions above to check for updates on your own.
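The same check can be done from PowerShell, which is handy when you want to confirm a machine’s update state without trusting anything that popped up on screen.  This is an added example written for this article, not code from the original post; it uses the Windows Update Agent COM API (Microsoft.Update.Session), the same service the Settings page talks to, and the built-in Get-HotFix cmdlet.  It assumes Windows 10 or later with internet access; the search can take a minute.

```powershell
# Added example (not from the original article): ask Windows Update directly
# what is installed and what is still pending. Assumes Windows 10 or later.

function Get-LastInstalledUpdate {
    # Get-HotFix reads the same history shown under "View update history".
    # Some entries have no InstalledOn date, so we drop those before sorting.
    Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1 HotFixID, Description, InstalledOn
}

function Get-PendingWindowsUpdates {
    # IsInstalled=0 returns updates that apply to this machine but are not yet
    # installed; IsHidden=0 skips ones the user deliberately hid.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search('IsInstalled=0 and IsHidden=0')
    foreach ($u in $result.Updates) {
        [pscustomobject]@{
            Title    = $u.Title
            KB       = (@($u.KBArticleIDs) | ForEach-Object { "KB$_" }) -join ','
            Severity = $u.MsrcSeverity   # empty for non-security updates
        }
    }
}

Write-Host 'Most recent installed update:'
Get-LastInstalledUpdate | Format-Table -AutoSize

Write-Host 'Updates waiting to be installed:'
$pending = @(Get-PendingWindowsUpdates)
if ($pending.Count -eq 0) {
    Write-Host 'None - this machine is current.'
} else {
    $pending | Format-Table -AutoSize
    Write-Host "Install these through Settings > Windows Update, not through any pop-up or downloaded file."
}
```

If the script reports no pending updates but an alert on screen insists the system is out of date, that mismatch is itself a strong hint that the alert is not from Windows.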

Have a backup solution

A good backup solution is critical for any computer user – from the single user to the multi-billion dollar organization.  There are plenty of programs and platforms out there for backing up files but picking the right one can be tricky.

This is why Balance Business Group has partnered with Infrascale to deliver a state-of-the-art backup and disaster recovery solution that can easily scale from small to large.  Whether you want hardware on-site, in the cloud, or both, we have solutions to match your preference.

Using proprietary hardware and software, we have created a backup solution like no other.  Because the setup is tailored to the details of your IT environment, you keep full control over your backup solution, what’s backed up and how.

When a disaster strikes and you need to go into recovery mode, our Orchestration Toolkit is your “One Stop Shop”.  With a proper setup during onboarding, your IT recovery solution is as easy as the push of a button on your web dashboard.  Your servers will spin up in the cloud exactly how they need to be started. 

Whether we need to verify that a SQL database loaded up before loading an application, or we need to ensure a specific program loaded up and is running successfully, we can set up your recovery program any way you need.  That way, when disaster strikes, you have one less thing to worry about.  Focus on investigating, recovering and ensuring users can connect to the cloud resources while you work on fixing the on-site issues.

Send an email to our Sales Team.  Let us know you’re interested in our Disaster Recovery as a Service platform and we can set up a meeting to go over your current IT environment, what pain-points you have with your current disaster recovery system and how we can help.

“Find out how our proprietary disaster recovery solution can take the stress out of backups and data recovery.  Leave the worrying to us”


  • Think before you click on a link in an email or open an attachment
  • Be cautious of software you download and ensure it’s from a trusted vendor
  • If you’re unsure whether or not something is safe, ask – call the person who emailed you or ask online about a site/file.  Reddit is a great resource for IT information for users of all skill levels