By analyzing malware samples found on Windows 10 devices, security researchers have discovered a new variant of ransomware that can infect machines using these two operating systems.
“A lot of the malware samples used in this attack are also found in other ransomware variants that have infected people,” Ravi Kondapalli, chief operating officer of security firm Veracode, told Mashable India.
“It was interesting to find out that these two variants were the same,” he said.
Kondapalli says the ransomware that was found in this case was a variant called Ransom.
In a blog post, he says the malware is distributed through a BitTorrent file-sharing website called RAT.
The RAT website uses a different encryption scheme than BitTorrent, which means that it has been identified by researchers.
“RAT has been around for a while now and we had never seen anything like this before,” Kondapalli said.
“This particular variant, RAT, appears to be distributed through BitTorrent.
It uses a very similar method to BitTorrent,” Kondapalli said.
While RAT appears to originate from Russia, Kondapalli says the virus was created by a cybercriminal in South Africa.
“It is quite likely that it was developed by a South African hacker and we need to be on guard.”
While Kondapalli said the ransomware was only targeting Windows 10, he said it was also used on other platforms, including Windows Server.
The malware, he added, was distributed through multiple domains, which meant the criminals could be targeted in multiple countries.
Kondapalli also said there were some indications that the RAT malware was being distributed by the same actor that created the ransomware, but that was still unclear.
The ransomware used a “high-end” variant that was targeted against enterprises and was found on computers running Windows Server, Windows 10 Pro, Windows Server 2012 R2, Windows 7, Windows 8, Windows RT, and Windows 8.1.
“The attackers are probably targeting enterprises in South Korea and China,” Kondapalli said.
The ransomware was found targeting a range of Windows 10 machines, including those running Windows 7 and Windows 10 Ultimate.
The threat actor was not specifically named in the report, but it was believed to be based in the country.
“Microsoft’s investigation suggests the attackers targeted enterprises in these countries,” Kondapalli said.
“In particular, the attackers are targeting the Windows Server and Windows Enterprise products.
The attacks appear to be being carried out on servers running Windows 10 Enterprise and Windows Vista Business.”
Microsoft issued a security advisory for Windows 10 on Thursday, saying that users should upgrade to the latest version of Windows before installing the new operating system.
“For many of our customers, this update will be the first time they upgrade to Windows 10,” Microsoft said in the advisory.
“If you’re running a current Windows 10 PC, you can install this update using the instructions in this advisory.
If you’re not currently running a Windows 10 device, you should also apply this update.”
In the Windows Update section of Windows Update, users can choose to download the Windows 10 Update on the PC they are using, download the OS update, or upgrade to a new version of the operating system via the Windows Installer app.