- Cybercriminals are looking to tap into the fear of the notorious WannaCry ransomware
- The attackers threaten to infect victims' systems with the malware unless they pay up in advance
Scammers have been attempting to extort victims with frightening emails threatening to infect their systems with the infamous WannaCry ransomware unless they pay up in advance. According to Sophos Labs' Paul Ducklin, a new widespread email scam tries to dupe victims into paying a ransom before their system is actually infected and files encrypted by the malware.
The scary-sounding email is purportedly sent by the "WannaCry Hack Team" and claims that WannaCry is back.
"All your devices were cracked with our program installed on them," the message reads." We have improved operation of our program, so you will not be able to regain the data after the attack. All the information will be encrypted and then erased."
It also claims antivirus software will not be able to detect the malware while firewalls will be "strengthless against our unique code."
"Our program also covers the local network, erasing data on all computers connected to the network and remote servers, all cloud-stored data, and freezing website operation. We have already deployed our program on your devices," the message continues. "Should your files be encrypted, you will lose them forever."
They also threaten that the infection will spread to other computers connected to the same network, along with Android and iOS devices and files stored in the cloud.
Is it true?
The attackers says deletion of the victim's data is scheduled for a specific time before which they must pay up 0.1 Bitcoin (approximately $650 at current rate" to save their files.
However, the email and its claims are completely bogus.
The cybercriminals behind the scam are hoping to tap into the fear and chaos surrounding the WannaCry ransomware attack that infected hundreds of thousands of computers across the globe. In reality, these crooks don't actually have the malware to support their threats or claims.
"Simply put, it’s a protection racket, where you’re being stood over to prevent bad things happening, rather than a ransom-based racket, where you are being squeezed to recover from bad things that already happened," Ducklin writes. "In this particular case... the whole thing is a fraud, right down to the existence of the malware in the first place."
Ducklin notes that no victims seem to have fallen for the scam yet as no funds have been sent to the Bitcoin address in the spam samples observed thus far.
What can I do to protect myself?
Users who receive this email are advised to permanently delete the email, don't pay up or attempt to contact the scammers. Make sure your operating system, browsers and anti-virus programs are patched, protected and fully updated. Additionally, make sure you have a reliable backup system and updated backup of your data just in case.