
Email Ransomware threats

Discussion in 'Off-Topic' started by garandman, Dec 6, 2018.

  1. garandman

    garandman Instructor NES Member

    Joined:
    Jun 27, 2008
    Messages:
    12,791
    Likes Received:
    2,896
    Location:
    Dorchester MA / Sullivan County NH
    A friend of mine has been getting emails for two weeks, threatening to lock his computer up if he doesn't pay them in Bitcoin. He sees the first two lines and doesn't open them, just deletes them.

    He seems to have a fairly complete and up-to-date suite of tools on his PC laptop to prevent any intrusions: anti-malware, virus detection and the like. He only uses it at home or at relatives', not at airports or cafes or anything. Performance seems normal and he's not experienced any performance degradation, popups etc.

    I've suggested this is probably just a type of ransom and he's probably fine. But am I missing anything? Couple years ago one acquaintance did manage to get his system locked up, and paid the ransom.

    I've suggested he get a backup hard drive and copy files at least monthly, in case of a hard drive failure or the like. If the system is already penetrated that might not help, but going forward he'd have the data from an older backup.
     

  2. RumRunner

    RumRunner NES Member

    Joined:
    Aug 31, 2016
    Messages:
    1,204
    Likes Received:
    711
    Location:
    Malden, MA
    I haven't heard of any ransomware giving you a heads up by email that your system is infected; the ransomware will just execute to let you know. Especially since people access their email from multiple systems, so there would be no way of knowing if one of them was infected. To be safe, I'd make sure all my files are backed up, which of course should be done already. And do scans with more than one malware/ransomware utility to see if anything pops on any of the systems he usually uses.
     
    spcantwell and garandman like this.
  3. drumenigma

    drumenigma NES Member

    Joined:
    Dec 26, 2007
    Messages:
    3,469
    Likes Received:
    419
    Location:
    Purgatory
    More than likely if he was infected the message wouldn't come via email and it'd be too late to do anything about it unless there was a known fix anyways. Those viruses typically silently encrypt your files then only make themselves known when the damage is done. I would treat the email like any other email you might get from a Nigerian Prince.
     
    garandman likes this.
  4. drgrant

    drgrant Moderator NES Member

    Joined:
    Mar 21, 2006
    Messages:
    62,068
    Likes Received:
    14,925
    He needs to just keep deleting shit, I've been getting a flurry of those emails with a password in it I used like 10 years ago. It's at least over 100 emails in the past 2 months at this point. Basically they are attempting to intimidate people using password dump lists (from some compromised websites) from ages ago. Some of my customers have been getting them too, and I've gotten a few calls but most are savvy enough to just ignore them.

    -Mike
     
    DarkNet, LT1MCSS and Evadd like this.
  5. PaulR

    PaulR NES Member

    Joined:
    Aug 15, 2011
    Messages:
    6,593
    Likes Received:
    1,933
    Location:
    Western MASS
    You mean this one?
    "You can visit the police station but nobody can solve your problem. I dont live in your country. So they can not track me even for 6 weeks. Your OS is infected by our malicious soft. We had access to your webcam, at the moment you visited porn web-page. Now I have a video material with your masturbation. During RDP connection we downloaded your contactlist and if you ask me to delete this compromising evidence we need to win 650 USD in bitcoins. This is my wallet address ( 1HJbPsjhsqJquNfsHTPwMVSEig7cAZEze4 ) (something like a credit card number) I give you 28 h after you open this letter to complete the payment. You do not need to tell me that you have sent money to me. This address is given only to you, my system will remove everything automatically after transaction confirmation. If you need 48 hours just reply on this letter with +. Good luck. Dont forget about the ignominy"

    It's real.
    I would pay right away.
    [rolleyes]
     
  6. bdb

    bdb NES Member

    Joined:
    Jan 8, 2013
    Messages:
    1,950
    Likes Received:
    449
    Location:
    Woburn, MA
    I'd say if it hasn't already been locked it's a scam, they don't usually give you time to back up and clean the PC. There is a scam going around where they hack certain companies and gain access to emails and passwords and then spam them all. I had a low level account, like an online forum, where I use a password much less secure than say a financial institution password. It did catch my attention when the first line of the email had a password (very easy one) that I had used in the past. They then blast everyone a threatening email and demand bitcoin or they will wreck your life. With males it tends to be "we know what nasty shit you have been doing on porn sites and hacked your computer and your camera and have the images of you doing nasty things while watching that porn that we will send to all your friends, family and coworkers if you don't pay" by a certain date. My company had a ton of these.

    ETA a few people beat me to it :)
     
    garandman likes this.
  7. kman

    kman NES Member

    Joined:
    Jan 24, 2012
    Messages:
    1,431
    Likes Received:
    675
    My 81-year-old dad called me up complaining about these same emails! He said the emails were going on and on about how they have been watching him for years and see he visits weird genre porn sites. He knew this was fake since he just visits the standard ones...
     
  8. TJL

    TJL

    Joined:
    Sep 25, 2018
    Messages:
    104
    Likes Received:
    110
    Location:
    603 - 617
    LOL :D
     
  9. mothybee

    mothybee NES Member

    Joined:
    Nov 13, 2015
    Messages:
    867
    Likes Received:
    512
    Location:
    merrimac, ma
    WAIT...WHAT?...YOU TOO! shhhhh, don't want the IRS to know about this.
     
  10. Nhusa

    Nhusa

    Joined:
    Dec 6, 2015
    Messages:
    1,069
    Likes Received:
    441
    Location:
    NH Seacoast
    Every two weeks or so I get an email with a link saying that I need to update my Apple account or it will be disabled within 24 hours.
    Sometimes it says that they detected illegal activity on my Apple account and if I don't respond within 12 hours it will be cancelled.
    Since I haven't responded or updated my info I guess that my Apple account is disabled and cancelled.
    The best I can figure is that a disabled and cancelled account is like a double negative and everything is normal.

    Normal means I don't have an Apple account.
     
  11. Prepper

    Prepper NES Member

    Joined:
    Apr 12, 2007
    Messages:
    15,476
    Likes Received:
    3,350
    Location:
    NH
    I'd reply thanking them for deleting my Apple account, saves me the time. Screw Apple and their desire to censor everyone.
     
  12. swatgig

    swatgig NES Member

    Joined:
    May 26, 2011
    Messages:
    4,060
    Likes Received:
    2,043
    Location:
    Chained together with 999 of my associates at the
    Greetings, You have just received the "IRISH VIRUS". As we don't have any programming experience, this Virus works on the honour system. Please delete all the files on your hard drive manually and forward this Virus to everyone on your mailing list. Thank you for your cooperation
     
  13. Rob Boudrie

    Rob Boudrie

    Joined:
    Apr 24, 2005
    Messages:
    31,559
    Likes Received:
    7,031
    I knew it was fake since there is no camera on my home desktop, and the first thing I do with a laptop is cover the camera with tape.
     
    garandman, Golddiggie and Reptile like this.
  14. Racenet

    Racenet NES Member

    Joined:
    Aug 3, 2009
    Messages:
    1,576
    Likes Received:
    397
    Location:
    New Hampshire
    These people are really stupid. Here is one that I just received.

    =====================================================
    From: nightmаre <[email protected]> Subject: You are my victim.

    Hi, my рrеy.

    THIS IS MY LАST WARNING!

    I write you inasmuch as I embed a virus on the web page with porn which you have visited.
    My trojan caрturеd аll yоur privatе dаtа аnd switchеd on your camеra which reсordеd thе аct of yоur sоlitary sex. Just аfter thаt the trоjаn saved your сontаct list.
    I will erase thе comрromising vidео recоrds and infоrmаtion if you sеnd mе 600 USD in bitcoin.

    This is addrеss for раyment : 1PLtH8HPHQLboeFvrBN2XJPJz99TxayGCo

    I give you 30 hоurs after yоu oрen my mеssagе fоr making the раymеnt.
    As sоon аs you rеad thе mеssаge I'll sее it right awаy.
    It is nоt nеcеssаry to tеll me that you hаve sеnt mоney to me. This addrеss is connесtеd to you, my systеm will erased autоmаtically after transfer соnfirmatiоn.
    If yоu nеed 48h just Ореn thе сalculаtоr оn your desktoр аnd рrеss +++
    If you don't pay, I'll send dirt tо all yоur соntаcts.
    Lеt mе rеmind you-I see whаt yоu'rе dоing!
    Yоu саn visit thе police оffiсе but anybody can't hеlp yоu.
    If yоu try to decеivе me , I'll knоw it immеdiаtely!
    I don't livе in yоur сountry. So anyone саn nоt traсk my loсаtiоn even for 9 months.
    byе. Dоn't forget about thе shame and tо ignоrе, Your lifе cаn be ruined.
    ================================================================

    I sure am scared now! [crying][rofl2]
     
    Prepper likes this.
  15. Prepper

    Prepper NES Member

    Joined:
    Apr 12, 2007
    Messages:
    15,476
    Likes Received:
    3,350
    Location:
    NH
    So at 10 months they can be tracked? I don't get it. They really should hire an American to proofread these things before sending them out.
     
    Racenet likes this.
  16. dingbat

    dingbat NES Member

    Joined:
    Nov 2, 2008
    Messages:
    2,747
    Likes Received:
    860
    Location:
    North Taxolina
    I think if anyone ever sent me that email, I'd send them a video of me masturbating... just to teach them a lesson.
     
  17. -B-

    -B-

    Joined:
    Aug 31, 2015
    Messages:
    273
    Likes Received:
    28
    Report them to their ISP as a phishing / ransom attack.
     
  18. swatgig

    swatgig NES Member

    Joined:
    May 26, 2011
    Messages:
    4,060
    Likes Received:
    2,043
    Location:
    Chained together with 999 of my associates at the
    I hate these scammers too, but that’s too cruel.
     
    spcantwell and dingbat like this.
  19. Prepper

    Prepper NES Member

    Joined:
    Apr 12, 2007
    Messages:
    15,476
    Likes Received:
    3,350
    Location:
    NH
    Impossible since they usually fake the email address. You don't know who they are.
     
  20. RumRunner

    RumRunner NES Member

    Joined:
    Aug 31, 2016
    Messages:
    1,204
    Likes Received:
    711
    Location:
    Malden, MA
    Oh man, what are you going to do now that they know about your solitary sex? [laugh]
     
  21. calsdad

    calsdad NES Member

    Joined:
    Apr 24, 2006
    Messages:
    35,663
    Likes Received:
    9,794
    Location:
    Chelmsford MA
    I've gotten a number of those emails over the last year or so. They typically say that I have been found out for cruising porn sites - list my username and a password I know I have used in the past - and threaten to expose me unless I send them a couple thousand dollars in Bitcoin.

    I just ignore them and delete the email. I have signed up for porn sites - so what? They have my username and a password I've used in the past - so what?

    There's been a ton of data breaches over the last few years - and I have been online for more than 20 years. Sooner or later somebody was going to find me listed somewhere.

    I used to get the threatening emails after the Ashley Madison data breach too. Nothing happened.

    Nothing has actually happened from any of the other emails I've gotten recently either.


    My system sits behind a reasonably good quality firewall - and I run one of the higher rated virus/antihack protection programs.


    Plus they're threatening me to send them money in Bitcoin. That's just stupid. Bitcoin is a phucking pain in my ass. I used to deal with Bitcoin and completely and totally dumped the whole thing and washed my hands of it more than three years ago. If they think I'm wading back into that cesspool again they're just a bunch of morons.

    I'd be really curious how the acquaintance got his system locked up. Did he respond to the emails? That's the first dumb thing he did.

    If you're worried about losing data - then disconnect it from the system. I keep all of my important data on a RAID array that is connected to my PC thru iSCSI shares.

    If my system goes up in flames - all the data is still there and I can move the volumes over to a new system with some minor reconfiguration. I've already done it multiple times as I've moved from one system to my next upgraded PC - and it works just fine.
     
    garandman likes this.
  22. Reptile

    Reptile NES Member

    Joined:
    Dec 13, 2006
    Messages:
    11,423
    Likes Received:
    2,107
    I just replied to them...

    The video you have has poor lighting and bad acting.

    It is very boring until the end.

    Nobody wants to even see that video.

    I already made some High Def 5k videos of the highest production value and a very happy ending.

    They are all over the internet.

    The links have been sent to everyone on my contact list along with my employer (a porn company).

    If you continue to harass me, I am going to report you to the internet.
     
  23. Golddiggie

    Golddiggie NES Member

    Joined:
    Dec 9, 2012
    Messages:
    12,073
    Likes Received:
    2,430
    Location:
    Pelham, NH
    This is why it pays to have solid anti-spam software on your email server. When I go in to check the spam caught in mine, I see plenty of those messages. As already noted they're going to dead email addresses with inaccurate passwords (never used them in the form listed). So they can FOAD.

    The only reason I check the spam quarantine is in case an email gets caught that shouldn't have been. That happens every so often (infrequent) but it pays to check. I typically check about once a week (or so).

    I've also had my web cams blocked for ages. ;)
     
    garandman likes this.
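
Added example, not part of any post in this thread: the message Racenet quoted above swaps Latin letters for look-alike Cyrillic ones, which defeats plain keyword matching in a spam filter, so this Python code flags mixed-script words and folds the look-alikes to Latin before matching. The sample text, the placeholder address, the keyword list and all function names are constructed for illustration.

```python
import re
import unicodedata

# Small, non-exhaustive map of Cyrillic letters that render like Latin ones.
FOLD = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x",
    "\u0410": "A", "\u0415": "E", "\u041e": "O", "\u0420": "P", "\u0421": "C",
})

# Shape of a legacy Bitcoin address only; the Base58Check checksum is not verified.
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
DEADLINE_RE = re.compile(r"\b\d+\s*h(?:ours?)?\b")
KEYWORDS = ("bitcoin", "payment", "camera")  # assumed keyword list

# Constructed sample modelled on the message quoted in the thread.
# \u0435, \u043e and \u0430 are Cyrillic; the address is a made-up placeholder.
SAMPLE = (
    "My trojan switched on your cam\u0435ra.\n"
    "Send me 600 USD in bitc\u043ein.\n"
    "Address for p\u0430yment : 1CoNSTRUCTEDxSAMPLExADDRESSx123\n"
    "I give you 30 h\u043eurs after you open my message.\n"
)


def scripts(word):
    """Return the set of scripts (latin/cyrillic) used by the letters in word."""
    found = set()
    for ch in word:
        name = unicodedata.name(ch, "") if ch.isalpha() else ""
        if name.startswith("LATIN"):
            found.add("latin")
        elif name.startswith("CYRILLIC"):
            found.add("cyrillic")
    return found


def mixed_script_words(text):
    """Words mixing Latin and Cyrillic letters, which ordinary prose rarely does."""
    return [w for w in re.findall(r"\w+", text)
            if scripts(w) == {"latin", "cyrillic"}]


def analyse(text):
    """Collect filter signals before and after folding look-alikes to Latin."""
    folded = text.translate(FOLD).lower()
    return {
        "mixed_script_words": mixed_script_words(text),
        "btc_addresses": BTC_RE.findall(text),
        "keywords_raw": [k for k in KEYWORDS if k in text.lower()],
        "keywords_folded": [k for k in KEYWORDS if k in folded],
        "deadline": bool(DEADLINE_RE.search(folded)),
    }
```
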
  24. garandman

    garandman Instructor NES Member

    Joined:
    Jun 27, 2008
    Messages:
    12,791
    Likes Received:
    2,896
    Location:
    Dorchester MA / Sullivan County NH
    Good point about spam filter.
     
  25. Pete85

    Pete85

    Joined:
    Jun 9, 2008
    Messages:
    10,006
    Likes Received:
    1,607
    Not really ransomware but I did get this one a few days ago:

    [Attached image: upload_2018-12-7_15-32-11.png]
    This seems totally legit, right? I mean they sent it to an email address not associated with an AmEx card, and they have "not been unable to reach [me]", so no red flags there. It was really nice of them to thank me for being a "Valid Cardmember" as well. Hard to believe people actually fall for this shit.
     
    garandman likes this.
  26. Prepper

    Prepper NES Member

    Joined:
    Apr 12, 2007
    Messages:
    15,476
    Likes Received:
    3,350
    Location:
    NH
    There is also the unnecessary capitalization of words that don't require it, such as Transactions. Those Nigerians never figure out that they sound retarded by endlessly doing that. Granted this email did that less than usual, but it is still there. I'm not entirely sure why they do it, but I am guessing it is some form of pseudo-legalese they think impresses people or something.
     
  27. Rob Boudrie

    Rob Boudrie

    Joined:
    Apr 24, 2005
    Messages:
    31,559
    Likes Received:
    7,031
    garandman likes this.
  28. smokey-seven

    smokey-seven NES Member

    Joined:
    May 3, 2010
    Messages:
    2,609
    Likes Received:
    792
    Location:
    North Shore
    I get one or two a week and all from places where I don't have an account. Most go directly to spam but some don't. I always read them in "view source" and never open them.
     
  29. DarkNet

    DarkNet NES Life Member NES Member

    Joined:
    May 21, 2016
    Messages:
    226
    Likes Received:
    120
    Same here. I chuckle every time I read them when I get to the part where it says "I am a good hacker..." or something similar. All I can think is, no actually you're a bad script kiddie. They're all using the same compromised creds and same script to send out the emails.
     
  30. straightshooterjake

    straightshooterjake

    Joined:
    Jul 28, 2016
    Messages:
    130
    Likes Received:
    89
    Everyone should have trustworthy backups. For most people, I prefer an automated cloud backup system like backblaze or carbonite. Using a cloud system provides offsite protection against local physical disasters. Keeping copies of everything on another disk is also a good idea, but it does not provide protection against fire, flood, theft, or confiscation.

    If you are a computer savvy person, and people are asking you about this fake malware scam, then you should tell them about solutions that provide some resiliency against real malware. A ransomware attack should be viewed as a significant hassle, but overall survivable without paying the ransom or having significant data loss. For moderate sized home systems, cloud backups will cost well under $100 per year.
     
    garandman likes this.
