WannaCry Extortion Fraud Reemerges

The emails claim that all of the victim’s devices have been hacked and infected with the infamous ransomware — and then ask for Bitcoin to “fix” it.

Extortion emails that threaten recipients with a WannaCry infection if they don’t pay up are making the rounds in the UK and elsewhere.

The activity prompted an alert Friday from the City of London’s Action Fraud unit, which said at the time that police had already received almost 300 reports in just a two-day span.

The emails claim that all of the victim’s devices have been hacked and infected with the infamous ransomware. In reality, the threat is an empty one.

“The WannaCry emails are designed to cause panic and trick you into believing that your computer is infected with WannaCry ransomware,” Action Fraud warned. “In reality the emails are just a phishing exercise.”

Nonetheless, the threat actors sending the emails are banking on consumers erring on the side of caution, and are demanding payment from victims in Bitcoin in exchange for “fixing” the purported infection.

The strategy is a savvy one, especially for the U.K.: WannaCry ransomware made headlines in May last year after about 200,000 computers across more than 150 countries were affected, with one of the biggest impacts being felt in the National Health Services in England and Scotland. In addition to the general issues of computers being locked, healthcare devices were also frozen. MRI scanners, blood storage refrigerators, and other medical equipment were compromised to the point that non-critical patients were turned away from some facilities, with at least 6,900 NHS appointments canceled, according to the NHS.

In all, more than a third of NHS trusts in England were disrupted by the ransomware, according to the U.K.’s National Audit Office (NAO).

The gambit is similar to another current scam led by emails coming from the “WannaCry-Hack-team”, with a subject line of “!!!Warning Wannacrypt!!!”.

According to an alert from Sophos on Friday, the email reads, “Hello! WannaCry is back! All your devices were cracked with our program installed on them. We have improved operation of our program, so you will not be able to regain the data after the attack.”

The email then tells the victim when the data is scheduled to be deleted – unless, of course, the ransom (0.1 BTC or $650) is paid.

According to Sophos, there’s no malware, and the entire effort is simply fraud. The firm said the campaign is “very widespread.”

This isn’t the first time fraudsters have used WannaCry as a way to reel in victims. Last year, it was used as a hook to try to get people to click on the links within a very convincing BT-branded phishing email.

Consumers can protect themselves first and foremost by being skeptical of emails from unknown senders, and of those claiming one’s machine has a virus infection. The “you’re infected” approach is a well-worn social-engineering tactic that’s been used in tech-support scams for years. In fact, last year an extortion campaign made the rounds in which consumers received pop-ups on their computers that claimed they had been infected with WannaCry. The pop-ups asked people to call a phone number connecting to scammers who were more than willing to take people’s money.

Also, keeping antivirus, software, apps and operating systems regularly up to date is a critical best practice.

Images courtesy of Action Fraud.
