Information security experts from Trend Micro and Fortinet have discovered a new Big Heat virus that encrypts all files and extorts money after it enters a PC, Bleeping Computer reports.
Big Heat is distributed on the web under the guise of Windows updates and a Microsoft Word installer. After the infected file is activated, an animation appears on the screen simulating the Windows update process. After the procedure is completed, the user receives a notification that their computer has been encrypted; to restore the system, they need to contact the hackers via e-mail or Telegram. There, the attackers will ask the victim to transfer a cryptocurrency ransom to their account.
Trend Micro noted that Big Heat checks the system language before starting up. The virus will not work if Russian or CIS languages are selected in the settings. The malware also pre-deletes all existing Windows backups, so the user cannot restore the operating system without paying the ransom. Big Heat does not touch files in directories such as Recycle Bin, Program Files, Temp, Program Data, Microsoft and Application Data so as not to impair Windows performance during encryption.
Trend Micro has found three types of Big Heat. Its experts described all of them as “unsophisticated” and targeted at casual PC users. All variants of the virus are assumed to share an operator. Investigators from the KELA company traced the intruders to Indonesia.