WannaCry ransomware scam tries to extort money without actually infecting your computer

They couldn't even be bothered to write the malware.

WannaCry ransomware scam tries to extort money without actually infecting your computer

Someone is trying to pull a fast one, attempting to trick unsuspecting users into paying a ransom… even though they *haven’t* infected your computer with ransomware.

I’m indebted to a reader for forwarding me the following email that appears to have been spammed out to computer users, threatening to destroy “all
data stored on your computers, servers, and mobile devices.”

Wannacry email

The email, reproduced below, claims that the notorious WannaCry virus is back - and unlike its earlier incarnation it doesn’t just infect Windows computers.

Here is part of the email that has been sent out to people:

Hello! WannaCry is back! All your devices were cracked with our program installed on them. We have improved operation of our program, so you will not be able to get your data back after the attack.

All the information will be encrypted and then erased. Antivirus software will not be able to detect our program, while firewalls will be forceless against our unique code. Should your files be encrypted, you will lose them forever.

Our program also expands through the local network, erasing data on all computers connected to the network and remote servers, all cloud-stored data, and freezing website operation. We have already deployed our program on your devices.

Deletion of your data will take place on June 22, 2018, at 5:00 - 10:00 PM. All data stored on your computers, servers, and mobile devices will be destroyed. Devices working on any version of Windows, iOS, macOS, Android, and Linux are subject to data erasion. In place to prevent data demolition, you can pay 0.1 BTC (~$650) to the bitcoin wallet: [REDACTED]

You must pay timely and notify us about the payment via email until 5:00 PM on June 22, 2018. After payment confirmation, we will send you instructions on how to avoid data erasion and such situations from now forward. Should you try to delete our program yourself, data erasion will commence shortly.

Of course, the email is nonsense. There isn’t a version of WannaCry that infects Windows, Macs, Linux, iOS, and Android devices.

Whoever is behind this malware campaign is simply hoping that a small percentage of recipients will be fooled into paying up. If enough do, the scammers will make a tidy profit - without having had to make the effort of actually writing any malware!

Of course, it still makes sense for everyone to follow security best practices, keep your anti-virus updated, and systems patched.

But is this email really about a new incarnation of WannaCry? Nah.

Tags: , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:

, , ,

2 Responses

  1. Chiny

    June 23, 2018 at 9:41 am #

    I had one of these emails using a most unlikely (but real) To: address. Personally I run RansomeWhere as an additional defence, so I’m not panicking yet.

    Incidentally, why do *all* scams involve flaky English ?

    RansomeWhere (no connection, just a humble user)
    https://objective-see.com/products/ransomwhere.html

  2. furriephillips

    June 27, 2018 at 4:01 pm #

    I’ve seen this a fair bit, and just forward them on with a phishing report tool.

    It’s like spam, where they deliberately (or accidentally - who cares), use language and spelling that keeps their victim pool in the same arena as other spam/419 scams. Like a digital Darwin Awards; it must work for them, or they’d adapt..

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.