WannaCry ransomware scam tries to extort money without actually infecting your computer

Graham Cluley

WannaCry ransomware scam tries to extort money without actually infecting your computer

WannaCry ransomware scam tries to extort money without actually infecting your computer

Someone is trying to pull a fast one, attempting to trick unsuspecting users into paying a ransom… even though they *haven’t* infected your computer with ransomware.

I’m indebted to a reader for forwarding me the following email that appears to have been spammed out to computer users, threatening to destroy “all
data stored on your computers, servers, and mobile devices.”

Wannacry email

The email, reproduced below, claims that the notorious WannaCry virus is back – and unlike its earlier incarnation it doesn’t just infect Windows computers.

Here is part of the email that has been sent out to people:

Hello! WannaCry is back! All your devices were cracked with our program installed on them. We have improved operation of our program, so you will not be able to get your data back after the attack.

All the information will be encrypted and then erased. Antivirus software will not be able to detect our program, while firewalls will be forceless against our unique code. Should your files be encrypted, you will lose them forever.

Our program also expands through the local network, erasing data on all computers connected to the network and remote servers, all cloud-stored data, and freezing website operation. We have already deployed our program on your devices.

Deletion of your data will take place on June 22, 2018, at 5:00 – 10:00 PM. All data stored on your computers, servers, and mobile devices will be destroyed. Devices working on any version of Windows, iOS, macOS, Android, and Linux are subject to data erasion. In place to prevent data demolition, you can pay 0.1 BTC (~$650) to the bitcoin wallet: [REDACTED]

You must pay timely and notify us about the payment via email until 5:00 PM on June 22, 2018. After payment confirmation, we will send you instructions on how to avoid data erasion and such situations from now forward. Should you try to delete our program yourself, data erasion will commence shortly.

Of course, the email is nonsense. There isn’t a version of WannaCry that infects Windows, Macs, Linux, iOS, and Android devices.

Whoever is behind this malware campaign is simply hoping that a small percentage of recipients will be fooled into paying up. If enough do, the scammers will make a tidy profit – without having had to make the effort of actually writing any malware!

Of course, it still makes sense for everyone to follow security best practices, keep your anti-virus updated, and systems patched.

But is this email really about a new incarnation of WannaCry? Nah.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

2 Replies to “WannaCry ransomware scam tries to extort money without actually infecting your computer”

  1. I had one of these emails using a most unlikely (but real) To: address. Personally I run RansomeWhere as an additional defence, so I'm not panicking yet.

    Incidentally, why do *all* scams involve flaky English ?

    RansomeWhere (no connection, just a humble user)
    https://objective-see.com/products/ransomwhere.html

  2. I've seen this a fair bit, and just forward them on with a phishing report tool.

    It's like spam, where they deliberately (or accidentally – who cares), use language and spelling that keeps their victim pool in the same arena as other spam/419 scams. Like a digital Darwin Awards; it must work for them, or they'd adapt..

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET UPDATES