Home Business 7 things to remember if you receive ransom or extortion email

7 things to remember if you receive ransom or extortion email

137
0
SHARE
Oliver Potgieter

By Alto Africa CTO, Oliver Potgieter

So we’ve all heard of phishing and no one is going to click on funny emails from your bank asking for your username and password or reply to emails where you’ve won a free pizza or $10-million.

Well here’s a new twist on an old favourite, an email that is currently doing the rounds:

It reads:

I am aware that <actual-password-here> is one of your passwords”

You don’t know me and you’re thinking why you received this e mail, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).

BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72

(It is cAsE sensitive, so copy and paste it)

Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immediately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.

Firstly; although technically possible, all of the above is completely fictitious – no one has any video of anyone doing anything – this is straight extortion created from assumptions. Except for the password.

Aside from being slightly frightening, this is also fascinating. Phishing has always been about trying to get your passwords – now they’re leading with your password straight off the bat as a means to establish credibility. That’s right – Your password.

The password used is actually correct (or at least was). We believe the password information in these recent instances has been either from the LinkedIn hack of 2012, or the Ashley Maddison hack of 2015 (maybe both).

Almost more concerning is the number of people on message boards and in the comments section of various articles that are still using the same password they did in 2012 or 2015.

There is also nothing ‘traditional’ in this email that causes it to be blocked by normal spam protection – no links, no malware, no attachments. It would only be blocked by a solution like Advanced Threat Protection that does deep content scanning on all email.

I’ve also heard of a less digital version of this scam that has been used in LA recently, and this time delivered by good old fashioned post: “We know what you’ve been doing, we have evidence, and if you don’t pay x to this bitcoin address, we’ll send the videos to your wife”.

The worst thing about this, is that there is clearly a big enough target group in middle-class suburbia to make the scam worthwhile.

So, if you do end up on the receiving end of one of these horrible little scams, make sure you follow these 7 steps:

  1. Do not click on any links or attachments in the email.
  2. If you still use that password anywhere, change it immediately.
  3. Do not re-use passwords (chat to us about a password manager for your business)
  4. Enable 2 factor authentication for all online accounts that support it.
  5. Do not respond to spam or phishing emails
  6. Do not pay ransomware or extortionists.
  7. Talk to us about automated security training for your company.

About Cloudbox

Cloudbox is a solution provided by Alto Africa.  Alto Africa is a leading IT Managed Services provider, it leverages the cloud to help customers become more agile, productive and secure.

Alto Africa is a tightknit team who understands that IT is essential to running your business so they created Cloudbox, a solution that is easy to understand and simple to use. It was designed for SME’s looking to simplify their IT and incorporates all essential IT services.

Cloudbox is the culmination of our combined 30+ years’ experience in providing leading IT cloud solutions for small businesses all over the world. Everything we have learnt is distilled into one product that covers everything a small business needs from their IT.