back to article WannaCry is back! (Psych. It's just phisher folk doing what they do)

An unusually large wave of phishing emails was spewed out this morning, with recipients warned that all their devices had been infected by WannaCry. Action Fraud UK has said it has already received over 200 reports of the phishy email this morning, while beleaguered IT support contractors – seemingly mostly based in the UK – …

  1. Anonymous Coward
    Anonymous Coward

    The text:

    From: WannaCry-Hack-team

    Sent: 21 June 2018 09:56

    Subject: Attantion Wannacrypt!

    Hello! WannaCry is back! All your devices were cracked with our program deployed on them. We have improved operation of our program, so you will not be able to retrieve your data after the attack.

    All the information will be encrypted and then erased. Antivirus software will not be able to detect our program, while firewalls will be marrowless against our one-of-a-kind code.

    Should your files be encrypted, you will lose them forever.

    Our program also develops across the local network, erasing data on all network-connected computers and remote servers, all cloud-stored data, and blocking website operation. We have already deployed our program on your devices.

    Deletion of your data will commence on June 22, 2018, at 5:00 - 10:00 PM. All data stored on your computers, servers, and mobile devices will be destroyed. Devices working on any version of Windows, iOS, macOS, Android, and Linux are subject to data erasion.

    So as to prevent data demolition, you can pay 0.1 BTC (~$650) to the bitcoin wallet:1EMdRXkmHYAccMzq85qzRvDUV5FdkvNXAY

    You must pay in due time and notify us about the payment via email until 5:00 PM on June 22, 2018. After payment confirmation, we will send you instructions on how to avoid data erasion and such situations at a later stage. Should you try to delete our program yourself, data erasion will commence immediately.

    To pay with bitcoins, please use localbitcoins.com or other similar platforms, or just google for other means. After payment write to us: support_wc@bitmessage.ch

    1. DropBear

      Re: The text:

      Soooo... let's assume I believe the letter. Seeing as how it's threatening to begin "encrypting" (what the fuck would it do that for if they promise data _won't_ be recoverable after it does that?) at some point in the future... what exactly is supposed to prevent me from copying all my data to safety before it does...? Data at rest in cold storage won't just self-destruct, even if it really is infected...

      1. steviebuk Silver badge

        Re: The text:

        Its aimed at people that haven't got a clue so would potentially fall for it.

  2. jay_bea
    Flame

    New Email List?

    I have had a few of these, but to two email addresses that I don't usually get spam on, both of which were used exclusively for FoI requests to local authorities, which suggests that some local authority in England has had a leak of email addresses. The two email addresses were used a few years apart.

    Perhaps I should do an FoI request to English Local Authorities to ask whether they have leaked any email addresses used for FoI requests?

    Next time I will generate an unique email address for each local authority so I will know who to point the finger at.

    1. Anonymous Coward
      Anonymous Coward

      Re: New Email List?

      Perhaps I should do an FoI request to English Local Authorities to ask whether they have leaked any email addresses used for FoI requests?

      I wonder if I could do an FoI request to ask how many people have issued FoI requests about email addresses used for FoI requests?

    2. Zimmer

      Re: New Email List?

      Cheshire one of those authorities by any chance?

      1. jay_bea

        Re: New Email List?

        Cheshire one of those authorities by any chance?

        Yes, Cheshire East and Cheshire West & Chester. There is no Cheshire local authority any more.

    3. JQW

      Re: New Email List?

      I got one on my work account yesterday. I use it very infrequently to talk to the outside word, but did have a protracted E-mail session a few months ago with someone from the local County Council.

      Hmmm.

  3. Bah Humbug

    I've had a few of these emails reported to me today - they've all had different wallet addresses, so just checking the balance of one wallet isn't enough to say how successful the phish has been. I guess by having one wallet per email, they know who's suckered in enough to be persuaded to perhaps pay again in the future.

  4. Alister

    We've had a number of these to various addresses within our organisation today, including the Chairman!!!

    Oops! That caused a flurry...

    Like another commentard above, we deal a lot with local authorities in the UK, and did wonder where these addresses were being harvested from. Interestingly, none of the addresses are flagged on haveibeenpwned.com as yet.

  5. GnuTzu
    Meh

    FUD for Profit

    It's just the latest intelligence about which FUD for profit angle is currently being played.

  6. Anonymous Coward
    Linux

    Super virus able to run on any platform

    "The email warns of a super virus, able to run on any platform (Windows, iOS, Linux, and so on), which cannot be detected by antivirus and renders firewalls, erm, "marrowless" in some versions of the email we've seen."

    How exactly does this super virus load, run and execute its payload on iOS and Linux?

    1. doublelayer Silver badge

      Re: Super virus able to run on any platform

      I'm not sure if your being serious or not... but there is no software. They're lying. They just dropped the operating systems they could think of into their message (see first comment for full text) under the theory that that would be helpful.

    2. JulieM Silver badge

      Re: Super virus able to run on any platform

      Well, I created a .deb that installs and runs on any architecture -- it deposits the Source Code in /usr/sec, does the build in postinst and installs to /usr/bin/ .

      But these people most probably are just lying. There is no super virus.

  7. Anonymous Coward
    Anonymous Coward

    Don't click!

    Just inhale!

  8. Anonymous Coward
    Anonymous Coward

    mine is addressed to 5 recipients

    ...at different companies and contains the address 1CJNBQUQqtS2ZxsQTYoAFhZp8mBXCQ689D

  9. sandman

    I've had two of them so far. I think they may be from the same person/group who have been sending the "I've hacked your computer's camera and recorded you watching porn, blah, blah, blah." Same Bitcoin demands, etc. I always find them rather amusing.

  10. Alfie Noakes

    Is nothing safe?

    Ironically, mine was sent to an e-mail address that was _only_ (and anonymously) used to access the Avast support forum!

  11. Steve Evans

    Only one so far

    Only had the one so far, to an email address I used semi-publicly on flickr.

    Had a nice little selection of email addresses in a public CC list.

    1. nagyeger

      Re: Only one so far

      Public Cc: list? Never mind the fraud, extorting money with menaces etc,... they've gone and broken GDPR too!

      That'll get them in trouble.

      (not a lawyer!)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon