A Windows 10 spam campaign spoofing Microsoft spoofing a free upgrade to Windows 10 has surfaced. Researchers spotted an email with an attachment from an email address in Thailand spoofing update at Microsoft[.]com. Users who download and execute the files inside the zip archive are hit by the CTB-Locker brand of ransomware. CTB is spread via email, exploit kits or drive-by downloads, encrypts documents stored on the computers and demands a ransom paid in Bitcoin in exchange for the encryption key. This campaign gives users a 96-hour window to deliver payment, which is shorter than other campaigns.
Source: https://threatpost.com/windows-10-upgrade-spam-carries-ctb-locker-ransomware/114114/