The threat was discovered by researchers at Trustwave and is said to be unique in a few ways. The attached file claims to be a .jpg file, but it opens as an .exe file. Another of the email's unique aspects is its two-sentence subject line: "Install Latest Microsoft Windows Update now! Critical Microsoft Windows Update!" The body of the email has only one sentence. Typically, a malicious email will have a longer body to try to lure victims into downloading the attached files.
One of the most important discoveries the security researchers made was that the executable led them to the malware builder hosted on GitHub. The team says that the 7Zip file "Cyborg Builder Ransomware V 1.0.7z" from the Cyborg-Builder-Ransomware repository was uploaded to GitHub two days before misterbtc2020 hosted the Cyborg ransomware executable.
Image: YouTube video of a Cyborg ransomware builder how-to, pointing to the GitHub download
Trustwave says that having the ransomware and its builder hosted on GitHub is a big deal: anyone can get the software and create their own Cyborg ransomware executable. The researchers note that the email has all the hallmarks of malicious spam, which is how it was initially identified. Spoofing the file extension of the spam download is a common trick to evade email gateways.
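A gateway or mail-triage script can catch the extension mismatch described above by comparing an attachment's file name with its leading bytes. The following Python sketch is an added example, not code from Trustwave or from the original article; the sample message, the attachment names and the function names are constructed for illustration, and only the subject line is taken from the article.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Leading "magic" bytes: enough to tell an image from a Windows executable.
MAGIC = [
    (b"MZ", "exe"),            # DOS/PE executable header
    (b"\xff\xd8\xff", "jpg"),  # JPEG start-of-image marker
    (b"\x89PNG\r\n\x1a\n", "png"),
]
ALIASES = {"jpeg": "jpg", "scr": "exe", "dll": "exe"}


def sniff(data):
    """Return the type implied by the first bytes, or None if unknown."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return None


def find_spoofed_attachments(raw):
    """List (filename, declared, actual) for attachments whose name lies."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = PurePosixPath(name).suffix.lstrip(".").lower()
        declared = ALIASES.get(ext, ext)
        actual = sniff(part.get_payload(decode=True) or b"")
        if actual and actual != declared:
            findings.append((name, declared, actual))
    return findings


def build_sample():
    """Constructed message: subject from the article, placeholder attachments."""
    msg = EmailMessage()
    msg["Subject"] = ("Install Latest Microsoft Windows Update now! "
                      "Critical Microsoft Windows Update!")
    msg.set_content("Constructed one-sentence body.")
    msg.add_attachment(b"MZ" + bytes(62), maintype="image", subtype="jpeg",
                       filename="constructed_update.jpg")
    msg.add_attachment(b"\xff\xd8\xff\xe0" + bytes(16), maintype="image",
                       subtype="jpeg", filename="constructed_photo.jpeg")
    return msg.as_bytes()


if __name__ == "__main__":
    print(find_spoofed_attachments(build_sample()))
```

The check keys on content rather than on the name or the declared MIME type, both of which the sender controls.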
The researchers who discovered the ransomware say they informed GitHub on Sunday, November 17, that an account on the platform was holding the Cyborg ransomware and its builder. The report is said to be in processing, and the account was still active as of yesterday. In other ransomware news, researchers have linked a rise in fatal heart attacks to hospital ransomware attacks.