Fake Windows 10 updates are being used to distribute the Magniber ransomware in a massive campaign that started earlier this month. Over the past few days, researchers at BleepingComputer have received a surge of requests for help regarding a ransomware infection targeting users worldwide.

While researching the campaign, researchers discovered a topic in the forums where readers report becoming infected by the Magniber ransomware after installing what is believed to be a Windows 10 cumulative or security update. These updates are distributed under various names, with Win10.0_System_Upgrade_Software.msi and Security_Upgrade_Software_Win10.0.msi being the most common. Other downloads pretend to be Windows 10 cumulative updates, using fake knowledge base articles.
Aside from it being legally unwise to use pirated software of any kind in a business environment, sites that offer pirated software are a common place for threat actors to plant trojanized versions of software. It is highly recommended to use a legitimate version of Windows and never download security updates from any source other than Microsoft.
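
A check a responder could run to follow up on the recommendation above, added here as an example and not taken from the article or from Microsoft: it lists MSI files in user download folders that carry one of the two reported file names, or that are named like an update but lack a valid Microsoft Authenticode signature. The search roots, the name pattern and the function name `Get-InstallerTriage` are assumptions to adapt locally.

```powershell
# Added example (not from the article). File names are the two reported above;
# the search roots and the keyword pattern are assumptions to adapt locally.
$ReportedNames = @(
    'Win10.0_System_Upgrade_Software.msi',
    'Security_Upgrade_Software_Win10.0.msi'
)
$SearchRoots    = @("$env:SystemDrive\Users\*\Downloads", "$env:SystemDrive\Users\*\Desktop")
$UpdateLikeName = '(win10|upgrade|update|KB\d{6,7})'   # assumed heuristic, case-insensitive

function Get-InstallerTriage {
    param([Parameter(Mandatory)][System.IO.FileInfo]$File)

    $sig    = Get-AuthenticodeSignature -LiteralPath $File.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    # Valid chain plus a Microsoft subject; a heuristic, not proof of origin.
    $msSigned = ($sig.Status -eq 'Valid') -and ($signer -match 'O=Microsoft Corporation')

    # Mark-of-the-Web stream: present when a browser recorded the download source.
    $zone    = Get-Content -LiteralPath $File.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $hostUrl = ($zone | Where-Object { $_ -like 'HostUrl=*' }) -replace '^HostUrl=', ''

    $nameHit = $ReportedNames -contains $File.Name
    [pscustomobject]@{
        Path           = $File.FullName
        ReportedName   = $nameHit
        Signature      = $sig.Status
        Signer         = $signer
        DownloadedFrom = $hostUrl
        Sha256         = (Get-FileHash -LiteralPath $File.FullName -Algorithm SHA256).Hash
        CreatedUtc     = $File.CreationTimeUtc
        Suspect        = $nameHit -or (($File.Name -match $UpdateLikeName) -and -not $msSigned)
    }
}

# Walk the assumed download locations and show only the files worth a closer look.
Get-ChildItem -Path $SearchRoots -Filter *.msi -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object { Get-InstallerTriage -File $_ } |
    Where-Object Suspect |
    Format-List
```

A hit is a lead for investigation rather than a verdict: compare the recorded download source and creation time with the user's account of when the "update" was installed.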