Big Head Ransomware: A New Threat to Windows Devices
Researchers are on the trail of a new ransomware family called Big Head. The family appears to be built and spread by a single actor, who keeps refining it so that each iteration becomes a little more dangerous. Big Head can wreak havoc on Windows devices.
Big Head Discovered in Fake Windows Update and Microsoft Word Installation
Cybersecurity researchers have found new ransomware distributed as a fake Windows update and as a supposed Microsoft Word installer. The malware has been named Big Head. Fortinet appears to have spotted the family first and released a report on June 16.
Trend Micro supplemented those findings with a new variant on July 7. In total, three variants of Big Head are currently known. According to the experts, the first version of Big Head dates from May 2023. The reports indicate that the author is still tinkering with the ransomware, and the different variants show where it is being refined.
No Obvious Signs of Intrusion Before Ransomware Spreads
From the user's point of view, there are no obvious signs of intrusion before the ransomware spreads. Big Head encrypts files while displaying a legitimate-looking Windows Update loading screen. Once the fake update finishes, the files and their copies are encrypted and Task Manager is inaccessible. Only then does the user receive a clear signal of the breach: a new wallpaper titled "Big Head ransomware".
The attacker asks the victim to "donate" one bitcoin and provides a link to a digital wallet. The victim is also given an email address and a Telegram account for contacting the attacker.
Residents of former Soviet Union member states are spared. According to Trend Micro, the malware checks the system language and will not run its ransomware payload on Windows systems configured for a former member state of the Soviet Union.
Big Head Variant Steals Data and Injects Malicious Code
One variant of the ransomware also steals data from the infected device. The collected data includes browser search history, folder listings, installed drivers, running processes, the Windows product key and active network connections; this variant can also take screenshots.
The most recent known variant inflicts further damage by injecting malicious code into executable files on the device. Researchers at Trend Micro believe they have identified the purpose: injecting the code into existing executables is meant to make the ransomware harder to detect.
Unknown Hacker May Be from Malaysia or Former Soviet Union
Who the hacker is remains unknown for now. One possibility is that the hacker lives in a country that used to be part of the Soviet Union. Trend Micro, on the other hand, is looking more in the direction of Malaysia. In their investigation, the company's experts came across a YouTube channel that uses the same image as the wallpaper placed on infected devices. They found the channel by researching the Telegram account. The YouTube channel operates under the name 'aplikasi premium cuma cuma', reportedly Malay for 'free premium app'.
The location filter could, of course, also stem from pro-Russian sympathies. Since the outbreak of the war between Russia and Ukraine, the hacker may have deliberately chosen not to target users in countries that were part of the Soviet Union.
Big Head ransomware is a new threat to Windows devices that is still being developed and refined by its author. It is spread through a fake Windows update and a fake Microsoft Word installation process. It encrypts files, and one variant also takes screenshots of the infected device. The attacker asks for a bitcoin "donation" and provides a link to a digital wallet. The attacker may be based in Malaysia or in a former Soviet Union member state, and residents of former Soviet Union member states are spared by the language check. Cybersecurity researchers are still investigating both the hacker and the ransomware.