
Received a ransom email with a password, demanding Bitcoins


  • This topic is locked
8 replies to this topic

#1 kunalthechamp


Posted 06 August 2018 - 05:12 AM

Have attached the FRST logs with the post, since it won't allow a long copy paste.

I received a really weird email this morning. It had no email address in the header. Pasting the contents of it below (have obscured the sensitive bits). This is the first time I have received such an email.

 

It’s to my email address: abcde@personaldomain.com and from 'Cassandra <expose>', no email address in the from.

-----------------------------------------------------------------------------------------------------------------------------

It seems that, (password), is your password. Will possibly not know me and you are
most likely wondering why you're getting this e mail, right?

in fact, I put in place a trojans on the adult vids (porno) web-site and you know
what, you visited this website to have fun (you know what I mean). While you were
watching videos, your internet browser started out operating like a RDP (Team
Viewer) which gave me accessibility to your screen and web camera. after that, my
software program obtained all of your current contacts from your Messenger, Outlook,
Facebook, in addition to emails.

What did I really do?

I created a double-screen video recording. 1st part shows the video you were
watching (you've got a good taste haha . . .), and 2nd part shows the recording of
your webcam.

what exactly should you do?

Well, in my opinion, $1000 is a fair price for your little secret. You will make the
payment by Bitcoin (if you do not know this, search "how to purchase bitcoin" in
Google).

Bitcoin Address: 1PoADFo6s8qKuhLKLZVHbH7tP2FN7VzvQH
(It's case sensitive, so copy and paste it)

Important:
You've got 1 day in order to make the payment. (I've a completely unique pixel in
this e mail, and at this moment I know that you have read through this email
message). If I do not get the BitCoins, I will certainly send your videos to all of
your contacts including family members, coworkers, and so forth. Having said that,
if I receive the payment, I'll destroy the video immidiately. If you want evidence,
reply with "Yes!" and I will undoubtedly send your videos to your 6 contacts. It is
a non-negotiable offer, that being said don't waste my personal time and yours by
answering this message.

--------------------------------------------------------------------------------------------------------------------------

 

On checking the header info:

Return-path: <expose@junecarroll.com>

Received: from [46.161.42.84] (helo=mail.junecarroll.com)

Content-Transfer-Encoding: 7bit

Content-Type: text/plain; charset=UTF-8
Mime-Version: 1.0 (1.0)

 

So, obviously I was really shocked on seeing this email. However, I quickly realized that the 'password' was not really my password to this particular email address abcde@personaldomain.com. But 'password' is actually the password to many other sites/emails I use. So there's clearly some virus in my computer. 

 

Disclaimer: I haven't watched porn on the computer. I have my computer webcam sealed with an opaque tape. I have NO contacts in any of the above that are mentioned in the email.

 

Did some digging on the IP address:

http://www.borderware.com/lookup.php?ip=46.161.42.84

 

Background: 

I started receiving some popups on Chrome which led to spam websites. Ran an MBAM scan and removed all the malicious items. I'm on a network.

 

Please help!

Edited by hamluis, 06 August 2018 - 07:36 AM.
Moved from MRA to Ransomware - Hamluis.

If I am helping you with a problem and I have not responded within 48 hours please send me a PM.

 

Follow BleepingComputer on: Facebook | Twitter | Google+
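The indicators in the post above (a From line with no address, the Return-path and Received values, the echoed password and the Bitcoin demand) can be extracted mechanically when triaging a reported message. The following Python is an added example, not part of the original thread; the cue names and the two-cue threshold are assumptions, and the sample message is rebuilt from the lines quoted in the post.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the header lines and body excerpts are quoted from the
# post; the From/To lines are rebuilt from the poster's description.
SAMPLE = """\
Return-path: <expose@junecarroll.com>
Received: from [46.161.42.84] (helo=mail.junecarroll.com)
From: Cassandra <expose>
To: abcde@personaldomain.com
Content-Type: text/plain; charset=UTF-8

It seems that, (password), is your password.
2nd part shows the recording of your webcam.
You will make the payment by Bitcoin
Bitcoin Address: 1PoADFo6s8qKuhLKLZVHbH7tP2FN7VzvQH
You've got 1 day in order to make the payment.
"""

BTC_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")  # legacy Base58 form
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")          # bracketed IPv4 literal
CUES = {  # hypothetical cue names; patterns follow this message's wording
    "password-echo": r"is your password",
    "webcam-claim": r"web\s?cam",
    "bitcoin-demand": r"payment by bitcoin|bitcoin address",
    "deadline": r"\b\d+\s+(?:day|hour)s?\b",
}

def triage(raw):
    """Return header and body indicators for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1]
    body = msg.get_payload() if not msg.is_multipart() else ""
    report = {
        "from_has_address": "@" in from_addr,
        "envelope_sender": parseaddr(msg.get("Return-Path", ""))[1],
        "relay_ips": [ip for h in msg.get_all("Received", []) for ip in IP_RE.findall(h)],
        "btc_addresses": BTC_RE.findall(body),
        "cues": sorted(n for n, p in CUES.items() if re.search(p, body, re.I)),
    }
    # Assumed threshold: a payment address plus two or more template cues.
    report["likely_extortion_scam"] = bool(report["btc_addresses"]) and len(report["cues"]) >= 2
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Only the Received line added by the recipient's own mail server can be trusted; every other header, including Return-path, is supplied by the sender.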



#2 Aura


Posted 06 August 2018 - 08:20 AM

Hi kunalthechamp :)

This is a scam extortion email. You can ignore it and move on. Though I would suggest that you change the password of any account that uses the password you were sent in that email, as it has been leaked.

https://www.bleepingcomputer.com/news/security/beware-of-extortion-scams-stating-they-have-video-of-you-on-adult-sites/

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 britechguy


Posted 06 August 2018 - 08:29 AM

I will "second" Aura's sage advice, particularly the part about changing passwords for any accounts you have that use the password sent to you.

 

Because password compromises can occur for a variety of reasons it's a good idea to, at a minimum, maintain a small collection of favorites that you "rotate" among sites on some set schedule (though I will admit I do not even do that).  The truly anal-retentive have per-site passwords and use a password manager such as Password Safe, KeePass, BitWarden, etc., to keep them straight and typically use the "generate password" function that creates a random sequence of characters that's not "human guessable" and difficult to brute force hack, too.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1809, Build 17763 

Travel is fatal to prejudice, bigotry, and narrow-mindedness, and many of our people need it sorely on these accounts.  Broad, wholesome, charitable views of men and things cannot be acquired by vegetating in one little corner of the earth all one's lifetime.

       ~ Mark Twain

 

 

 

              

 


#4 quietman7


Posted 07 August 2018 - 07:37 AM

You may want to read: Beware of Phony Emails & Tech Support Scams for more information about how these scams work...there are suggestions near the bottom for dealing with scams.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 kunalthechamp


Posted 08 August 2018 - 01:07 AM

Thank you all for the replies. Can I still get some help in cleaning my computer? I still definitely continue to get random weird pop-ups on Chrome and new tabs open up redirecting automatically to spam websites. 




#6 britechguy


Posted 08 August 2018 - 08:57 AM

Hello,

For issues such as you describe, please start a new thread in the Malware Removal Help forum after having read Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.

That is the appropriate forum for situations where an infection of some sort is suspected.




#7 quietman7


Posted 08 August 2018 - 03:45 PM


If you choose to follow the above instructions and post a FRST log, please reply back in this thread with a link to the new topic.

#8 kunalthechamp


Posted 09 August 2018 - 12:19 AM

Here goes:

https://www.bleepingcomputer.com/forums/t/681886/need-help-in-cleaning-my-computer/




#9 quietman7


Posted 09 August 2018 - 07:26 AM

Now that your new topic is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Response Team member...nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the information or any log(s) you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process or make things worse which would extend the time it takes to clean your computer.

From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your system is clean.

Please be patient. It may take several days to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers but your topic will be reviewed and answered as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond.

I advise checking your new topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, please follow Step One and CLICK the link so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Good luck.
The BC Staff



