A couple weeks ago, I was getting ready for bed and happened to check my email to find this one titled:
Ticкet#336955432: 26-04-2018 04:32:17 Details about your future
The body read:
Do not consider on my English, I am from Belgium.I installed the virus on your device.After that I thiefted all private information from your device. Moreover I received some more then just data.The most interesting compromising which I got- its a videotape with your self-abusing.I set malware on a porn site and after you downloaded it. The moment you selected the video and pressed play, my virus at once downloaded on your Operating System.
After setup, your front-camera made the videotape with you self-abusing, additionally I captured exactly the porn video you chose. In next few days my malicious software found all your social media and email contacts.
If you need to eliminate the records- pay me 340 euro in BTC(cryptocurrency).
Here is my Bitcoin wallet address - 18aVwkFAadCvwGBHN8vagouWBWrNEpZAaV
You have 22 h. to go after reading. As soon as I get transfer I will destroy the evidence forever. Otherwise I will forward the record to all your contacts.
The email was from email@example.com, which I assume is faked or spoofed somehow.
I have an old '09 Mac Pro which suffers from the deep sleep bug where it goes to sleep and never wakes up, requiring a hard shut down and restart. So I didn't think too much about it the previous day when I tried to wake it up and it just wouldn't show the login screen. I did start getting a little concerned after the second or third restart when I still couldn't get to the login screen.
Until I got that email. Then I knew I had a real situation on my hands!
I'm still not 100% certain of the actual vector of attack. But I have a couple hunches. Recently I was trying to get into programming for Raspberry Pi. As I was attempting to download the Raspbian OS from the official website, they have two options: 1) direct download and 2) torrent. For whatever reason the direct download was not working, so out of impatience I decided to go the torrent route. I haven't done any torrenting in several years, so I reluctantly downloaded the Vuze app. I figure the malware/ransomware could have come in that way somehow.
Another dumb thing I did recently was give out an email and social/professional media links to a couple forum members (not this one) in private messages. They were long time members who I felt could be trusted (and it's not like I was giving out any info that couldn't be reasonably easily found if you were looking for me or someone like me). It's probably less likely it was one of those two guys, but still possible I guess.
Of course I never paid, and I have a Time Machine backup. However, I do have another connected drive as well as the Time Machine backup, and I'm a little concerned that my Time Machine backup is also encrypted/locked down. Obviously I can remove the other connected disk, but before doing a restore from Time Machine I guess I was just curious if anyone had heard of Time Machine backups and other drives being affected by ransomware. Or any other info/thoughts anyone might have. I have looked and looked and just can't find the answers to any of these questions.
Edited by powerwheels, 09 May 2018 - 10:29 PM.