When you see a Windows update, you anticipate a security improvement, not a threat. However, a sneaky extortion scam disguised as a Windows update page has recently appeared.

Its danger lies in encrypting files on your computer. The scammers then demand payment to return your files. This extortion scam is known as Big Head ransomware. Currently, it is aimed at U.S. consumers.

Understanding Big Head Ransomware

Fortinet, a cybersecurity company, discovered Big Head ransomware. Fortinet believes Big Head launched in May 2023. There are several variants designed to lock your files and demand money.

The first version shows a fake Windows Update screen. After about 30 seconds, it disappears. By then, it locked your files and changed the file names.

In some cases, you might see “README” files. These carry email addresses, Telegram account details, and even Bitcoin addresses. All these are there to collect money from you in exchange for unlocking your files.

The second version has a different method. Instead of a Windows Update screen, it changes your desktop wallpaper to a ransom note. This note asks for one Bitcoin, which is around $30,000.

Protecting Your Company

Big Head ransomware can damage your business. But you can protect yourself and your sensitive data. Here’s how:

  • Watch out for phishing scams: Most ransomware comes through these scams. Make sure you understand and can identify the telltale signs of a scam.
  • Back up your data often: The more frequently you back up, the less data you lose if attacked.
  • Choose where you back up your data carefully: Some ransomware can delete backups.
  • Secure your backup: Even if the ransomware can’t delete your backup, it might still be able to lock it. If possible, store an offline copy.

Safeguard Against Ransomware

Big Head ransomware is a severe threat. It may not be widespread yet, but it’s better to be safe than sorry. Be cautious with Windows updates, and safeguard your organization from phishing scams. Back up your data frequently and store the backups in a secure location. These measures can prevent ransomware attacks. When you safeguard your files, you protect your company.