A malicious spam campaign that informs victims it contains a critical Windows update instead leads to the installation of Cyborg ransomware. An executable file disguised as a.jpg leads not only to ransomware but also its builder, which can be used to create variants. Researchers were able to access Cyborg-Builder-Ransomware’s builder on Github, which is still available on the platform. The email-based threat, discovered recently by researchers at Trustwave, is unique in a few ways, researchers said.
Source: https://threatpost.com/windows-update-cyborg-ransomware/150407/