"Wipe your computers, Don't use Windows 10" warning message



#1 jrguthrie

Posted 30 March 2017 - 02:34 PM

Has anybody seen anything like this before? (names are changed to protect the innocent)

 

From: soul slayer
Sent: Thursday, March 30, 2017 8:29 AM
To: customerservice@XXXXX.com ; daniel@XXXXX.com
Subject: SOUL SLAYER
 
to whom it may concern

my name is soul slayer 12, I am a hacker from the deep web. before you think this is a lead I am using a 12 layer VPN and TOR, so good luck in that essence. we were first given access to your side through your work or Cxxxx who had clicked an injected image on a cat website. we were given access to her computer and every other computer on your network from this picture. we have injected our data into every one of your computers and have made ourselves undetectable by your virus systems and are utilizing your IP addresses via these computers to continue our operations. we have your magento, suredone, and all network drives you use under our control. the only way to erase us is to wipe every system completely and remap your drives.

we have collected all of your customers information. don't believe us?

(several names)

enjoy the terror, the DDOS, the emails, and much more :)

#2 jrguthrie

Posted 30 March 2017 - 02:35 PM

more :)

From: soul slayer 
Sent: Thursday, March 30, 2017 12:11 PM
To: daniel@XXXXXcom ; customerservice@XXXXX.com
Subject: soul slayer final words.

Okay daniel xxxx
(Daniel's address), you wanna play games and act like you can fix this? how about we leak your address and information also? how about letting all your customers know that over 2000 credit cards of theirs are ready to be leaked on the deep web if you do not take our advice and will probably be maxed out by later tonight. i told you how you can fix this. wipe every computer before we do, don't think we can't connect to your home computer and get all of your further information. Now, did i stutter? the only way to erase us from your network is to wipe every single computer and remap your network drives, because we are on all of them. do not think we cannot see you running around the office either, by the way, some of your cameras are facing towards the ground (?) might want to fix those. thank you, we have all we need but if you want to keep investigating and not take our advice which is based on protecting the privacy of your employees, we will be sure to DDOS and continue to collect information. i hope you know that every single computer has a key logger installed and we already have your new passwords. enjoy the mess, also, tell "XX1" that because she uses incognito windows to hide her other personal pages while on the clock it does not mean we can't see them :) your entire website will be overtaken at approximately 1400 hours your time. thanks and cheers to the deep web and our new riches from Germany with love. BTW what is the credit line of your company cards? btw also found some SSN numbers from scanned HR archives from names such as (3 names)

was not hard to gather more credit cards from your recorded calls either. tighten things up dan. we are trying to help you, do not use windows 10, you were way too vulnerable. we do not wish to utilize or harm your business or the collected info if you successfully wipe all computers and fix your security.

soul slayer :)



#3 RolandJS

Posted 30 March 2017 - 02:54 PM

more paragraphs would be nice


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#4 jrguthrie

Posted 30 March 2017 - 03:47 PM

This is everything that was emailed to my client. He confirmed that all email addresses and names are accurate, and he found a camera aimed at the ground.

We are looking at the email headers now!



#5 quietman7

Posted 30 March 2017 - 06:47 PM

I see no mention of a demand for payment.

Sounds more like a scam or an actual hack of the system than ransomware.

It appears the hacker is attempting to scare the client into wiping every system and remapping the drives. The question I would ask is for what reason would they want your client to do this if the hackers do not want money?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 jrguthrie

Posted 30 March 2017 - 07:07 PM

Because there is no "proof of life" (last 4 digits of a SSN or CC), we are under the assumption that it could possibly be a disgruntled ex-employee. That would account for all the disclosure, and would account for why there is no "proof of life".



#7 quietman7

Posted 30 March 2017 - 07:16 PM

Yes... an ex or disgruntled employee could be involved, especially if they have revealed certain details about other employees or the company which a hacker might not have. Has your client filed a report with a Federal or local law enforcement agency, which most likely has a Cyber Unit specializing in tracking down hackers and prosecuting them? If not, I suggest they do so.

#8 jrguthrie

Posted 30 March 2017 - 07:28 PM

We have already filled out a 75-page form for the FBI. However, if SSN and CC #'s are involved (no proof yet), then the Secret Service has jurisdiction over these 2 factors. I believe if this were a hacker, then there would be some real "proof of life" like a CC ending in 1234. We have preserved all HDs and the FortiGate Firewall for forensic investigation if necessary. I was told by a PCI Compliance Specialist that if this evidence is wiped, they could be sued.



#9 quietman7

Posted 30 March 2017 - 10:07 PM

Then all your client should do is wait on the FBI for further instructions.
