
Got a ""ESX" Attantion!!! Attack!!! "ESX"" email message - Urgent


7 replies to this topic

#1 cherm

cherm

  • Members
  • 21 posts
  • Gender:Male
  • Local time:09:42 AM

Posted 01 September 2016 - 04:09 PM

Hi,

A few minutes ago I got the following email:

 

"

We are a HACKER TEAM - Armada Collective

1 - We have checked your information security systems, setup is poor; the systems are very vulnerable and obsolete.

2 - We'll demonstrate our work in the nearest future, this week. We'll execute some targeted attacks and check your DDoS servers by the 10-300 Gbps attack power

3 - We'll run a security breach test of your servers through the determined vulnerability, and we'll gain the access to your databases.

4 - All the computers on your network will be checked for the viruses and malware penetration Cerber, Locky, Cryptolocker - Crypto-Ransomware

5 - We save all the check data, you can get the data before the start of testing

6 - You have time to decide: whether you are going to wait for the start of your security systems testing, or you’d like to get the data before testing?

7 - We can start testing any time, so please, be prepared.

The price for information about security vulnerabilities of your systems is 1 bitcoin to ADDRESS: 1AfR5f2RugZXqbhanJ8pmn153udhLMFhTP

The price for testing of your systems is 20 bitcoins

 

Transfer 1 bitcoin to bitcoin ADDRESS: 1AfR5f2RugZXqbhanJ8pmn153udhLMFhTP

 

If you do not pay before the attack 1 bitcoin the price will up to 20 bitcoins

 

Bitcoins e-money https://en.wikipedia.org/wiki/Bitcoin

Bitcoins are very easy to use.

Instruction:

1.You have to make personal bitcoin wallet. It is very easy. You can download and install bitcoin wallet to your PC. There are lots of reliable wallets, such as: https://multibit.org/ https://xapo.com/

But there are much easier options as well. You can make bitcoin wallet online, for example blockchain.info or coinbase.com and many others.

You may also transfer money directly from exchanger or bitcoin ATM to the decryption address provided to you.

2. You can top up the credit on your bitcoin wallet in most convenient way:

- To buy bitcoins in the nearest bitcoin ATM; refer to the address on a website: coinatmradar.com/countries/

- by means of credit card or different payment systems such as PayPal, Skrill, Neteller and others or by cash, for example:

https://localbitcoins.com/buy_bitcoins

https://exchange.monetago.com

https://hitbtc.com/exchange

Please search how to buy bitcoins, how to make bitcoin wallet with Google for the additional information"

 

 

Should I take it seriously?

Is there anything I can do but switch off my computer?

The announcement looks threatening! Please help or refer me to a specializing forum.

 





#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,660 posts
  • Gender:Male
  • Local time:03:42 AM

Posted 02 September 2016 - 09:24 AM

Hi cherm :)

I wouldn't worry about that email, simply delete it and move along. These are "scare attempts" in order to scam money from users, since most of them will feel threatened and send the crooks the money because they don't want to be "attacked". For more information, you can take a look at the article(s) below.

https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/
https://blog.cloudflare.com/lizard-squad-ransom-threats-new-name-same-faux-armada-collective-m-o-2/

Also, you would usually see these threats being sent to people owning websites, servers, etc. not to someone who only has a simple computer/laptop, etc. There's no point in DDoS'ing these.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,467 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:42 AM

Posted 02 September 2016 - 05:27 PM

You may also want to read: Beware of Phony Emails & Tech Support Scams


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 mollet

mollet

  • Members
  • 2 posts
  • Local time:08:42 AM

Posted 05 September 2016 - 01:20 AM

Hi there, got the same Email, with the same content except the Wallet.

And exactly this is what is making me a little more nervous, because if the Wallet is different, they know who paid and who didn't, so my question is, if all this is just fake / scare, why make it more complex and add / create different wallets?

 

I am in Germany, we have a little datacenter and are very worried because 300 Gbps is too much for us...

 

Message Received:

September 4, 2016, 23:17:51
Envelope From Address: anna@rijksbaron.nl
From Address: "EXS" <anna@rijksbaron.nl>
Recipient: bleep@michaelmollet.de
Subject: "EXS" Armada-Attack!!! "EXS"

 

We are a HACKER TEAM - Armada Collective

1 - We have checked your information security systems, setup is poor; the systems are very vulnerable and obsolete.
2 - We'll begin attack on Tuesday 06-09-2016 8:00 p.m.!!!!!
3 - We'll execute some targeted attacks and check your DDoS servers by the 10-300 Gbps attack power
4 - We'll run a security breach test of your servers through the determined vulnerability, and we'll gain the access to your databases.
5 - All the computers on your network will be attacked  for Cerber - Crypto-Ransomware
6 - You can stop the attack beginning, if payment 1 bitcoin to bitcoin ADDRESS:  1MqPo2vgLkXLhopNiV5s76TGSy5BZ4Abb5

7 - If you do not pay before the attack 1 bitcoin, the price will increase to 20 bitcoins
8 - You have time to decide! Transfer 1 bitcoin to ADDRESS: 1MqPo2vgLkXLhopNiV5s76TGSy5BZ4Abb5

 

 

Bitcoins e-money https://en.wikipedia.org/wiki/Bitcoin
Bitcoins are very easy to use.
Instruction:
1.You have to make personal bitcoin wallet. It is very easy. You can download and install bitcoin wallet to your PC.
There are lots of reliable wallets, such as: https://multibit.org/ https://xapo.com/
But there are much easier options as well. You can make bitcoin wallet online,
for example blockchain.info or coinbase.com and many others.
You may also transfer money directly from exchanger or bitcoin ATM to the decryption address provided to you.
2. You can top up the credit on your bitcoin wallet in most convenient way:
- To buy bitcoins in the nearest bitcoin ATM; refer to the address on a website: coinatmradar.com/countries/
- by means of credit card or different payment systems such as PayPal, Skrill, Neteller and others or by cash,
 for example:
https://localbitcoins.com/buy_bitcoins
https://exchange.monetago.com
https://hitbtc.com/exchange

 

How to make bitcoin wallet with Google for the additional information


Edited by mollet, 05 September 2016 - 01:49 AM.


#5 kopperdrake

kopperdrake

  • Members
  • 2 posts
  • Local time:08:42 AM

Posted 05 September 2016 - 01:36 AM

I've just received the same email to a personal email address, but I do run a small family company and therefore worried. I have no idea who to turn to about the email! I'm in the UK if that helps sort things, as I have the same 8pm deadline, and so would assume it's 8pm UK time. If you're not in the UK then it would look more like a copy/paste.

Contents of the email sent to me are below:

"EXS" Armada-Collective Invoice "EXS"


We are a HACKER TEAM - Armada Collective

1 - We have checked your information security systems, setup is poor; the systems are very vulnerable and obsolete.
2 - We'll begin attack on Tuesday 06-09-2016 8:00 p.m.!!!!!
3 - We'll execute some targeted attacks and check your DDoS servers by the 10-300 Gbps attack power
4 - We'll run a security breach test of your servers through the determined vulnerability, and we'll gain the access to your databases.
5 - All the computers on your network will be attacked for Cerber - Crypto-Ransomware
6 - You can stop the attack beginning, if payment 1 bitcoin to bitcoin ADDRESS: 1BMfGb5r7jJCq685ijN5GKyXWByRKn8wHh
7 - If you do not pay before the attack 1 bitcoin, the price will increase to 20 bitcoins
8 - You have time to decide! Transfer 1 bitcoin to ADDRESS: 1BMfGb5r7jJCq685ijN5GKyXWByRKn8wHh


Bitcoins e-money https://en.wikipedia.org/wiki/Bitcoin
Bitcoins are very easy to use.
Instruction:
1.You have to make personal bitcoin wallet. It is very easy. You can download and install bitcoin wallet to your PC.
There are lots of reliable wallets, such as: https://multibit.org/ https://xapo.com/
But there are much easier options as well. You can make bitcoin wallet online,
for example blockchain.info or coinbase.com and many others.
You may also transfer money directly from exchanger or bitcoin ATM to the decryption address provided to you.
2. You can top up the credit on your bitcoin wallet in most convenient way:
- To buy bitcoins in the nearest bitcoin ATM; refer to the address on a website: coinatmradar.com/countries/
- by means of credit card or different payment systems such as PayPal, Skrill, Neteller and others or by cash,
for example:
https://localbitcoins.com/buy_bitcoins
https://exchange.monetago.com
https://hitbtc.com/exchange

How to make bitcoin wallet with Google for the additional information

#6 mollet

mollet

  • Members
  • 2 posts
  • Local time:08:42 AM

Posted 05 September 2016 - 01:48 AM

First you should try to find a telephone number from the sender Domain and try to speak to someone who knows what you are talking about, then he should immediately shut down the email address which was used.

This is the most important step so no one gets such emails further.



#7 tombugs

tombugs

  • Members
  • 7 posts
  • Local time:03:42 AM

Posted 05 September 2016 - 05:42 AM

Just to say that I too have received the same email, but with bitcoin ref 1AKzaz5kL8GzTV2McbhUomgCN5Ejf3zzJA

 

Googling "1AKzaz5kL8GzTV2McbhUomgCN5Ejf3zzJA" brought up someone else receiving this exact same key (Polish site) recently

http://www.alter.si/tabla/showflat.php/Cat/0/Number/2475734/an/0/page/0/gonew/1



#8 kopperdrake

kopperdrake

  • Members
  • 2 posts
  • Local time:08:42 AM

Posted 05 September 2016 - 05:57 AM

Good idea tombugs - I did the same with mine and someone in France has had the exact same email as me, including the bitcoin address.

 

mollet - thanks for the advice. I looked up the domain name attached to the sender's field in the email I received and quite scarily the owner lives in the village next door, only two miles away! Their website wasn't working so I drove there and the poor chap was quite upset that his email was being used. He hadn't used that account for several years and was glad I'd told him - he is going to shut the account down and is also on to the police to notify them. His domain was registered with a local company but the internet being what it is, it has passed through various companies as they sold them on, and he believes it now resides with a company in Germany - I have notified the UK antifraud people, have checked with our email/website hosts who are ready for DDoS attacks (they're a huge outfit in the US). Our ISP is also ready, and I'm currently running malwarebytes through all of our PCs in case Avast has missed anything. Beyond that I'm not sure what else we can do, but someone else having the same bitcoin address makes me somewhat happier it's just an arse trying to extort money.
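The address comparison that posts #4, #7 and #8 turn on, written out as an added example that is not part of any post in this thread: it pulls the payment address out of each reported copy of the email and lists which addresses reached more than one recipient. The function names and reporter labels are assumptions, and the last two report entries are constructed stand-ins for the off-site reports the posters mention.

```python
import re
from collections import defaultdict

# Shape of a legacy Base58 Bitcoin address (leading 1 or 3, no 0/O/I/l).
# Shape check only; the Base58Check checksum is not verified here.
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

LINE6 = "6 - You can stop the attack beginning, if payment 1 bitcoin to bitcoin ADDRESS:"
# (reporter, text). The first four excerpts are copied from posts #1, #4, #5, #7.
# The last two are constructed stand-ins for the off-site reports that posts
# #7 and #8 mention without quoting.
REPORTS = [
    ("cherm", "Transfer 1 bitcoin to bitcoin ADDRESS: 1AfR5f2RugZXqbhanJ8pmn153udhLMFhTP"),
    ("mollet", LINE6 + "  1MqPo2vgLkXLhopNiV5s76TGSy5BZ4Abb5"),
    ("kopperdrake", LINE6 + " 1BMfGb5r7jJCq685ijN5GKyXWByRKn8wHh"),
    ("tombugs", "same email, but with bitcoin ref 1AKzaz5kL8GzTV2McbhUomgCN5Ejf3zzJA"),
    ("report-france", LINE6 + " 1BMfGb5r7jJCq685ijN5GKyXWByRKn8wHh"),
    ("report-other-forum", "ADDRESS: 1AKzaz5kL8GzTV2McbhUomgCN5Ejf3zzJA"),
]

def extract_addresses(text):
    """Return the set of address-shaped tokens in one reported message."""
    return set(BTC_RE.findall(text))

def template_key(text):
    """Mask addresses and collapse whitespace so copies of one template compare equal."""
    return re.sub(r"\s+", " ", BTC_RE.sub("<ADDR>", text)).strip().lower()

def recipients_by_address(reports):
    """Map each payment address to the sorted reporters who received it."""
    seen = defaultdict(set)
    for reporter, text in reports:
        for addr in extract_addresses(text):
            seen[addr].add(reporter)
    return {addr: sorted(who) for addr, who in seen.items()}

def reused_addresses(reports):
    """Addresses sent to more than one recipient: a payment to one of these
    cannot be tied to a single recipient by the address alone."""
    return {a: w for a, w in recipients_by_address(reports).items() if len(w) > 1}

if __name__ == "__main__":
    for addr, who in recipients_by_address(REPORTS).items():
        label = "reused" if len(who) > 1 else "seen once"
        print(f"{addr}  {label}: {', '.join(who)}")
```

An address seen only once in a sample this small means no reuse has been observed yet, not that the address is unique to that recipient.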





