Trend Micro has posted a blog analyzing variants from a ransomware strain titled “Big Head,” which has the novel capability of hiding its encryption of a victim’s files with a fake Windows update alert. Researchers describe how, after running a series of checks, these Big Head variants post a screen that looks remarkably similar to what is seen when Windows is applying an update, before posting the actual ransom note once the encryption is complete.
While this technique is novel, Trend Micro concludes overall that Big Head is “not a sophisticated ransomware strain, its encryption methods are pretty standard, and its evasion techniques are easy to detect.” It is instead built for targets who are fooled by easy tricks or who have not applied basic safeguards against ransomware, although the researchers note that Big Head’s creators appear to be continuously refining the malware and its tactics. Members are encouraged to keep abreast of the latest ransomware behaviors so they can defend against them. WaterISAC recommends referencing CISA’s StopRansomware page for the most up-to-date resources and tools. Read more at Bleeping Computer.