Big Heat ransomware: how the Windows update deception and language checks shape infection and recovery risk


Security researchers at Trend Micro and Fortinet have identified a new ransomware strain known as Big Heat. It encrypts files on an infected PC and demands payment for their recovery, according to reports summarized by news outlets and industry researchers.

Big Heat spreads by masquerading as a Windows update or a Microsoft Word installer. When the malicious file is executed, the screen may display a sequence that imitates the standard Windows update process. After this simulated update completes, the user is shown a prompt stating that their files are encrypted and that a ransom must be paid to regain access. Victims are instructed to contact the attackers via email or messaging apps to arrange a cryptocurrency payment in exchange for a decryption tool or key. One simple check undercuts the lure: genuine Windows updates are delivered through Windows Update in Settings, not by running a downloaded executable, so any "update" that arrives as a file to double-click should be treated as suspect. Trend Micro and Fortinet provide the technical breakdown of this behavior.

A notable feature of Big Heat is its language check: the malware appears designed to stall or deactivate itself when Russian or another CIS language is selected on the system, which researchers read as a targeting choice meant to reduce detection in certain regions. Investigations also reveal a deliberate attempt to impede recovery by deleting existing Windows backups, so local restoration without payment is impractical unless copies exist somewhere the malware cannot reach. At the same time, the malware leaves certain directories untouched, including Recycle Bin, Program Files, Temp, ProgramData, Microsoft, and Application Data, which researchers attribute to minimizing initial performance degradation during encryption. They warn that this selective approach makes the attack feel more legitimate and less disruptive at first glance, which can delay suspicion by casual users.
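The two behaviors above, the language kill switch and the spared-directory list, translate directly into a recovery-triage question: given a file listing from an affected machine, which files were probably encrypted and which were probably left alone? The following script is an added example written for this page, not code from Trend Micro, Fortinet, or the malware itself. The on-disk folder names `$Recycle.Bin` and `ProgramData`, the choice to match on directory components only, and the set of language subtags standing in for "Russian or other CIS languages" are all assumptions; the page names the folders and the language policy but not these specifics. The sample file listing is constructed.

```python
"""Recovery-triage helper modelled on the Big Heat behavior described above.

Added example, not Trend Micro's, Fortinet's, or the malware author's code.
Folder spellings and language subtags below are assumptions for illustration.
"""
from pathlib import PureWindowsPath

# Folders the research says Big Heat skips. The on-disk names for
# "Recycle Bin" ($Recycle.Bin) and "Program Data" (ProgramData) are assumed;
# the other entries are used as written on the page. Only what the page lists
# is included (so "Program Files (x86)" is deliberately not here).
SPARED_DIR_NAMES = {
    "$recycle.bin",
    "program files",
    "temp",
    "programdata",
    "microsoft",
    "application data",
}

# ISO 639-1 primary language subtags assumed to stand in for "Russian or other
# CIS languages". The page does not enumerate them; this set is illustrative.
KILL_SWITCH_LANGUAGES = {"ru", "be", "kk", "ky", "uz", "tg", "hy"}


def is_spared(path: str) -> bool:
    """True if a directory component of `path` is one the malware leaves alone.

    Only directory components are checked (the file name is dropped), so a file
    that happens to be named 'temp' in an ordinary folder is still reported as
    at risk.
    """
    parts = PureWindowsPath(path).parts
    return any(p.lower() in SPARED_DIR_NAMES for p in parts[:-1])


def kill_switch_triggers(selected_languages) -> bool:
    """True if any selected language tag (e.g. 'ru-RU') has a primary subtag in the CIS set."""
    for tag in selected_languages:
        primary = tag.split("-", 1)[0].lower()
        if primary in KILL_SWITCH_LANGUAGES:
            return True
    return False


def triage(paths, selected_languages):
    """Split a file listing into likely-encrypted and likely-intact groups.

    If the language check would have fired, the page says the malware stalls
    or deactivates, so every file is reported as intact in that case.
    """
    if kill_switch_triggers(selected_languages):
        return {"kill_switch": True, "likely_encrypted": [], "likely_intact": list(paths)}
    encrypted = [p for p in paths if not is_spared(p)]
    intact = [p for p in paths if is_spared(p)]
    return {"kill_switch": False, "likely_encrypted": encrypted, "likely_intact": intact}


# Constructed sample listing; not taken from any real incident.
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\report.docx",
    r"C:\Users\alice\Desktop\photos\trip.jpg",
    r"C:\Users\alice\AppData\Local\Temp\setup.tmp",
    r"C:\Program Files\Vendor\app.exe",
    r"C:\ProgramData\Microsoft\Windows\cache.dat",
    r"C:\$Recycle.Bin\S-1-5-21\old.txt",
    r"D:\backups\temp",  # a file named 'temp' in a folder that is not spared
]

if __name__ == "__main__":
    result = triage(SAMPLE_PATHS, ["en-US"])
    print("likely encrypted:")
    for p in result["likely_encrypted"]:
        print("  ", p)
    print("likely intact (spared folders):")
    for p in result["likely_intact"]:
        print("  ", p)
```

On a live host the listing would come from a directory walk of the affected volumes, and the language tags from the system's installed input languages. The script deliberately classifies only by location; it does not inspect file contents, so a file in a spared folder that was modified for some other reason is still reported as intact. Because the page reports that Big Heat deletes existing Windows backups, the "likely intact" group should be treated as the only local recovery source and confirmed by hash or by opening the files, and any restoration plan should assume the built-in backups are gone.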

Analysts have identified three Big Heat variants and describe the samples as relatively simple in design and clearly aimed at non-technical, everyday computer users. All observed versions appear to be controlled by a single operator, and threat intelligence groups have noted activity traces linking the operations to suspects in Southeast Asia. The recurring message from researchers is that basic precautions are critical to reducing risk: keeping software updated, maintaining robust backups stored where malware running on the PC cannot delete them, and running up-to-date antivirus. Industry notes summarize these findings as part of ongoing ransomware education campaigns for both individuals and organizations.

As background, analysts note that Microsoft has ended support for some Windows 11 builds, underscoring how out-of-date systems become easy targets for opportunistic ransomware campaigns. This coincides with broader cybersecurity guidance urging users to maintain current patch levels, enable multi-factor authentication where possible, and follow established incident response practices when suspicious activity occurs. Research into Big Heat continues, with firms sharing indicators of compromise and recommended protections to help users avoid becoming victims.

Attribution: Trend Micro and Fortinet details are summarized here for safety awareness and to guide readers on defensive steps. The information reflects industry observations and public advisories issued to help users recognize the signs of ransomware and respond promptly.
