We are used to seeing ransomware encrypting files and requesting money (bitcoin) to decrypt them.
I have now received a new email on a corporate address, which is a black-e-mail … in digital form.
I have to say that the amount of thought expressed in the email is interesting.
Somebody with some basic knowledge and bad English has put some information together. 🙂
Here is the plain text, so that it is easier to index:
I do not want to judge anyone, but as a result of several occasions, we have point of contact from now. I do not think that caress oneself is very bad, but when all your relatives, colleagues and friend see it- its obviously awful.
So, closer to the point. You visited the website with роrn, which I’ve adjusted with the deleterious soft. Then you chose video, virus started working and your device became working as dedicated desktop immediately. Naturally, all cams and screen started recording instantly and then my virus collected all contacts from your device.
I text you on this e-mail address, because I got it it with my soft, and I guess you for sure check this work address.
The most important thing that I edited video, on one side it shows your screen record, on second your cams record. Its very amusingly. But it was sophisticated .
All in all- if you want me to delete all this compromising evidence, here is my BTC account address- 19erHb7FxesMTjSm3QB9bKAscpPw46fcSe (it must be without «spaces» or «=aquo;,check it). If you do not know how to make btc transactions, you can ask google or youtube for help- its very easy. It seems to me, that 290 usd will solve your problem and will destroy our touchpoint . You have thirty hours after reading this message(I put tracking pixel in it, ill know when you read it). If you will not finish transaction, ill share the compromising with all contacts I’ve collected from you.
Finally, you can ask police for help, but, obviously, they will not find me for 1 day, so you will be shamed at all. Sorry for misprints, I am foreign.
Now, let’s have a critical look at it:
(they = the bad guys sending this junk)
1. They pretend to have hacked a porn website to install a virus – Well, this is not unheard of, as there is a lot of malvertising happening there. However, doing that requires some technical knowledge.
- The language used impressed me: “which I’ve adjusted with the deleterious soft”
I have to confess that the use of “deleterious” is very surprising to me. It is actually an indication of automatic translation, especially considering the other grammar and syntactic mistakes in the text.
- “then my virus collected all contacts from your device.”
Ok, not very hard to do.
- “Then you chose video, virus started working and your device became working as dedicated desktop immediately.”
So, this gives me a bit more information about how this “virus” is supposed to work. It could be a fake Flash plugin, which is “required” in order to see some videos. A known social engineering scheme for the unknowing people (read: men).
Now, the second part of the sentence is more interesting: “your device became working as dedicated desktop immediately”
Leaving the bad language aside, I understand from this that the “virus” is a remote desktop software, which allows someone to share screens with somebody else.
Interesting, this is getting better and better.
- “I text you on this e-mail address, because I got it it with my soft, and I guess you for sure check this work address.”
So, they know that this is a “work address”… Very nice, and easy to do. 😉
- Payment, via BTC, in USD… Interesting… Usually they say how many BTC they want, but since the value of BTC is fluctuating so much, it is probably easier to go for the sure income in USD. :)))
“You have thirty hours after reading this message” – the deadline, which makes a good blackmail letter 😉
“Finally, you can ask police for help” – he is making fun :)))
Last but not least:
The status of the BTC account: Zero 🙂
Rightly so!
Well, funny right? 🙂
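The traits picked apart above (a BTC payment address, a deadline, the tracking-pixel claim) can be turned into a simple mail-triage check. The following is an added example, not code from the original post: the sample text is constructed, the function names are hypothetical, the address in it is the publicly known Bitcoin genesis-block address, and the mixed-script check (Latin letters mixed with Cyrillic look-alikes in one word) goes beyond the points listed in the analysis.

```python
import hashlib
import re
import unicodedata

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
DEADLINE_RE = re.compile(r"\b\w+\s+(?:hours?|days?)\b", re.I)

# Constructed sample modelled on the quoted email. The address is the publicly
# known genesis-block address, used only because its checksum is valid.
SAMPLE = (
    "You visited the website with \u0440\u043ern. Here is my BTC account address- "
    "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa (check it). You have thirty hours after "
    "reading this message (I put tracking pixel in it)."
)

def btc_checksum_ok(addr):
    """Base58Check: last 4 bytes must equal double-SHA256 of the first 21."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    try:
        raw = n.to_bytes(25, "big")  # version byte + 20-byte hash + checksum
    except OverflowError:
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()
    return digest[:4] == raw[21:]

def mixed_script_words(text):
    """Words mixing Latin and Cyrillic letters, a keyword-filter evasion trick."""
    hits = []
    for word in re.findall(r"[^\W\d_]+", text):
        scripts = {unicodedata.name(c, "?").split()[0] for c in word}
        if {"LATIN", "CYRILLIC"} <= scripts:
            hits.append(word)
    return hits

def triage(text):
    """Return indicators a mail filter could score; not a verdict by itself."""
    addrs = BTC_RE.findall(text)
    return {
        "btc_addresses": [a for a in addrs if btc_checksum_ok(a)],
        "deadline": bool(DEADLINE_RE.search(text)),
        "tracking_claim": "tracking pixel" in text.lower(),
        "mixed_script": mixed_script_words(text),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A message that trips several of these indicators at once is a good candidate for quarantine or for a user-facing warning banner.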
© Copyright 2017 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity