Ransomware
Abuser: Return-Path:
Attempt to blackmail after claim of hacking my local infra.
Netherlands, 2018-12-10 12:06:58

Hello, I am a spyware software developer. Your account has been hacked by me in the summer of 2018. I understand that it is hard to believe, but here is my evidence (I sent you this email from your account). The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).
United States, 2018-12-10 18:08:07

I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera. Believe it turned out very high quality! So, to the business! I'm sure you don't want to show these files and visiting history to all your contacts. Transfer $905 to my Bitcoin cryptocurrency wallet: 1P55eXM8gxmwjSbqEpBWLBBvJQ7C1BmRH3
United States, 2018-12-11 07:52:38

Received an e-mail asking to deposit money to this bitcoin account; if not, they will release information about my computer. This is the final message in the e-mail received: Hello, I am a spyware software developer. Your account has been hacked by me in the summer of 2018. ........... Transfer $994 to my Bitcoin cryptocurrency wallet: 1P55eXM8gxmwjSbqEpBWLBBvJQ7C1BmRH3 ....... Since opening this letter you have 48 hours. If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted, and from my server will automatically send email and sms to all your contacts with compromising material. I advise you to remain prudent and not engage in nonsense (all files on my server). Good luck!
Mexico, 2018-12-11 16:39:56

Spam email campaign used to threaten people and to trick them into transferring Bitcoins.
United States, 2018-12-12 03:53:36

Received: from webmail.halftomorrow.com [142.11.67.160] by m1.gns.snv.thisdomainl.com with ESMTP; Wed, 12 Dec 2018 01:26:44 -0500
Bulgaria, 2018-12-13 02:04:59

Received: from yahoo.jp (unknown [14.161.33.43]) by mx2.pub.mailpod3-cph3.one.com (Halon) with SMTP id 0c4c547e-fe58-11e8-a542-ec0d9a6ed98e; Wed, 12 Dec 2018 21:51:19 +0000 (UTC)
Received: from qnx.mdrost.com ([51.13.230.1]) by relay.2yahoo.com with QMQP; Wed, 12 Dec 2018 16:33:21 -0500
Received: from external.newsubdomain.com ([Wed, 12 Dec 2018 16:21:54 -0500]) by webmail.halftomorrow.com with ASMTP; Wed, 12 Dec 2018 16:21:54 -0500
Received: from [14.182.117.31] by nntp.pinxodet.net with ASMTP; Wed, 12 Dec 2018 16:14:01 -0500
Received: from unknown (71.118.235.202) by mail.webhostings4u.com with ASMTP; Wed, 12 Dec 2018 16:08:36 -0500
Message-ID: <[email protected]>
Date: Wed, 12 Dec 2018 16:08:36 -0500
Reply-To: "Bengt" <[email protected]>
Sweden, 2018-12-13 12:12:48

Delivery-date: Thu, 20 Dec 2018 07:10:45 -0600
Received: from [94.25.171.118] (port=24808 helo=yahoo.jp) (envelope-from <[email protected]>) id 1gZy68-001kVb-73
Received: from rsmail.alkoholic.net [28.224.111.242] by mail.gimmicc.net with SMTP; Thu, 20 Dec 2018 07:57:41 -0500
Received: from snmp.otwaloow.com [159.118.233.182] by smtp.mixedthings.net with LOCAL; Thu, 20 Dec 2018 07:56:31 -0500
Received: from webmail.halftomorrow.com [184.231.3.117] by qrx.quickslick.com with LOCAL; Thu, 20 Dec 2018 07:41:05 -0500
Received: from external.newsubdomain.com [152.95.148.248] by asx121.turbo-inline.com with ESMTP; Thu, 20 Dec 2018 07:37:37 -0500
Received: from [13.69.58.179] by m1.gns.snv.thisdomainl.com with SMTP; Thu, 20 Dec 2018 07:20:42 -0500
Message-ID: <[email protected]>
Date: Thu, 20 Dec 2018 07:20:42 -0500
MIME-Version: 1.0
Subject: kevin
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: base64
South Africa, 2018-12-20 15:40:04

I am a spyware software developer. Your account has been hacked by me in the summer of 2018. I understand that it is hard to believe, but here is my evidence (I sent you this email from your account). The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296). I went around the security system in the router, installed an exploit there. When you went online, my exploit downloaded my malicious code (rootkit) to your device. This is driver software, I constantly updated it, so your antivirus is silent all time. Since then I have been following you (I can connect to your device via the VNC protocol). That is, I can see absolutely everything that you do, view and download your files and any data to yourself. I also have access to the camera on your device, and I periodically take photos and videos with you.
United States, 2018-12-21 10:21:36

Hello, I am a spyware software developer. Your account has been hacked by me in the summer of 2018. I understand that it is hard to believe, but here is my evidence (I sent you this email from your account). The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296). [etc. etc.]
Hong Kong, 2018-12-21 15:07:39

Reported to the Internet Storm Center (https://isc.sans.edy) as part of the sextortion campaigns of summer and fall of 2018.
United States, 2018-12-25 19:41:26

This extortioner uses the wallet [90e1422311] / 4998590c583f4fff with the bitcoins 14XMwrqXdhz6YnShUuW37dTrKmpMFbJDHL 1P55eXM8gxmwjSbqEpBWLBBvJQ7C1BmRH3. This is obviously the biggest nonsense: paying with Bitcoin is anonymous, so the scammer cannot know who the money came from (there is no sender). The story as described in the mail is therefore incorrect and is not based on truth.
Netherlands, 2018-12-30 14:32:11

Just like the others. The criminal lied to have my data and wants to send a large amount in dollars. I hope he will soon be punished. Source IP address is blacklisted multiple times, for example on Barracuda, CBL, SORBS etc.
Czechia, 2018-12-30 23:00:34

Just like the others. Source IP address from Russia is blacklisted 27 times, for example on Barracuda, CBL, SORBS etc.
Czechia, 2019-01-03 17:56:49