Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Email Received Requests Ransom and Warns of Malware


  • Please log in to reply
10 replies to this topic

#1 Gary Sisler

Gary Sisler

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Colorado, USA
  • Local time:12:44 PM

Posted 10 July 2018 - 11:25 PM

My customer received an email this afternoon that states
they know his password, which is close to right, but is actually
an old one.

They state that they used malware installed on an adult video
site to remotely control his computer screen and webcam. They
also state they copied his contacts.

The ransom requested is $1900 and they want bitcoin.

I have checked his computer with Malwarebytes and Webroot
and find NO evidence of malware. The files have not been
encrypted. We have changed his password on Outlook email, 
Windows 10, Microsoft Account, etc.

What else needs to be done?

 

Thanks,

 

Gary Sisler


Edited by hamluis, 11 July 2018 - 05:12 AM.
Moved from Ransomware to General Security - Hamluis.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:44 PM

Posted 11 July 2018 - 05:48 AM

It sounds more like a fake ransomware scam. Actual ransomware usually will have obvious indications (signs of infection). Ransomware victims do not typically receive a ransom demand before the encryption process has occurred...see Beware of Phony Emails & Tech Support Scams....there are suggestions near the bottom for dealing with scams and a list of security scanning tools to use.

If you need individual assistance, you should follow the instructions in the Malware Removal and Log Section Preparation Guide. When you have done that, start a new topic and post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 8,644 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:02:44 PM

Posted 11 July 2018 - 09:11 AM

Nothing, really.

 

I am with Quietman7 in that I believe this was a scam, and there are just so many of them.

 

Unless there is something specific, and I mean very specific and not easy to guess, in a message such as this one it would go into the cyber round file and I'd move along with life.

 

It never hurts to change your passwords, but if there's no real reason to believe that someone else knows them that really doesn't prevent anything.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

     . . . the presumption of innocence, while essential in the legal realm, does not mean the elimination of common sense outside it.  The willing suspension of disbelief has its limits, or should.

    ~ Ruth Marcus,  November 10, 2017, in Washington Post article, Bannon is right: It’s no coincidence The Post broke the Moore story


 

 

 

              

 


#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:44 PM

Posted 11 July 2018 - 02:37 PM

There have been scam emails exactly like you describe these last days.

 

Take a look at the comments here for July 10th and later:

https://www.techlicious.com/blog/is-the-porn-blackmail-scam-real/comments-/CP2/

 

I'm sure it's exactly the same as your client received.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:44 PM

Posted 12 July 2018 - 04:17 PM

We have an example on the SANS Internet Storm Center: https://isc.sans.edu/forums/diary/New+Extortion+Tricks+Now+Including+Your+Password/23866/


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#6 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 8,644 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:02:44 PM

Posted 12 July 2018 - 04:46 PM

One thing I try to teach people is that the flip side of, "If it seems too good to be true, it probably isn't," is equally true:  "If it seems too awful to be true, it probably isn't, either."

 

These scams demonstrate, and demonstrate repeatedly, that the weakest link in computer security is the person sitting behind it.  Think before you act and very often you won't act at all.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

     . . . the presumption of innocence, while essential in the legal realm, does not mean the elimination of common sense outside it.  The willing suspension of disbelief has its limits, or should.

    ~ Ruth Marcus,  November 10, 2017, in Washington Post article, Bannon is right: It’s no coincidence The Post broke the Moore story


 

 

 

              

 


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:44 PM

Posted 12 July 2018 - 08:12 PM

Cyber-criminals are very innovative...they are always developing creative and more sophisticated techniques to snare their victims into providing personal information or stealing their money for financial gain. They rely heavily on social engineering and human exploit/interaction (the weakest link in security) to target a large audience.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:44 PM

Posted 13 July 2018 - 10:39 AM

I researched this today and discovered, sadly, that at least 3 victims already paid between $1900 and $3900.

More info on my research here:
https://blog.nviso.be/2018/07/13/sextortion-scam-with-leaked-passwords-succeeds/


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#9 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 8,644 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:02:44 PM

Posted 13 July 2018 - 11:05 AM

I researched this today and discovered, sadly, that at least 3 victims already paid between $1900 and $3900.

 

It is just so sad, from all angles.

 

There probably are 5 people who frequent cyberspace, worldwide, who have not visited a porn site at one point or another.  The human interest in sex is no secret, and really should not be a source of shame, either.

 

Also, given the prevalence over the years of hacks involving passwords, and the publicity they've generated, you'd think that people would know that these lists are out there and if they see a now ancient password that's really nothing to worry about.

 

Panic and shame are, unfortunately, very strong motivators for some.  Taking about 5 minutes to actually think about what's being demanded, and the probability of the threat even being real, would prevent a lot of misery (plus stop a few people from doing the really ridiculous and paying).


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

     . . . the presumption of innocence, while essential in the legal realm, does not mean the elimination of common sense outside it.  The willing suspension of disbelief has its limits, or should.

    ~ Ruth Marcus,  November 10, 2017, in Washington Post article, Bannon is right: It’s no coincidence The Post broke the Moore story


 

 

 

              

 


#10 digmor crusher

digmor crusher

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:44 PM

Posted 13 July 2018 - 01:33 PM

I got this yesterday, he has a video of me on a adult site, oh no, heh, heh, I don't have a webcam. I wont, but I certainly feel like replying and making his ears hurt.  It would be epic.



#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:44 PM

Posted 13 July 2018 - 03:42 PM

Even with the read thing...four out of five ransomware victims would pay the ransom again
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users