I think I have been hacked into by Wannacrypt

Member_2_7966113 used Ask the Experts™
Hello Experts,

I received the email below, and I was wondering if I should be worried? As you can see, the suggestion is that all my data will be erased. Please let me know you think this is just a hoax?

Hello! WannaCry is back! All your devices were cracked with our program deployed on them. We have perfected operation of our program, so you will not be able to regain the data after the attack.
All the information will be encrypted and then erased. Antivirus software will not be able to detect our program, while firewalls will be strengthless against our unique code.
Should your files be encrypted, you will lose them forever.
Our program also expands through the local network, erasing data on all computers connected to the network and remote servers, all cloud-stored data, and freezing website operation. We have already deployed our program on your devices.
Deletion of your data will commence on June 22, 2018, at 5:00 - 10:00 PM. All data stored on your computers, servers, and mobile devices will be destroyed. Devices working on any version of Windows, iOS, macOS, Android, and Linux are subject to data erasion.
So as to prevent data demolition, you can pay 0.1 BTC (~$650) to the bitcoin wallet:1JNA8bedQbSEikZMF7FQFA1r9K1qA2RUtW
You must pay timely and notify us about the payment via email until 5:00 PM on June 22, 2018. After payment confirmation, we will send you instructions on how to avoid data erasion and such situations from now forth. Should you try to delete our program yourself, data erasion will commence shortly.
To pay with bitcoins, please use localbitcoins.com or other similar services, or just google for other means. After payment write to us: support_wc@bitmessage.ch


Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Your only practical action is to restore your files from backup. Clean up system first by removing viruses, and possibly rebuilding the worst systems
Most Valuable Expert 2013

If they have to email you to tell you (how would they get your address?) I'd be much less concerned than if they popped a similar message on your local machine spontaneously.  It's a good reminder that you should always be keeping good backups whether for ransom ware protection or any other reason.
IT Systems Manager
We've had loads of clients get this email today (ourselves included) -  it's just a spam email designed to scare people rather than an actual infection (I haven't found any suspicious applications on any of our servers/systems).

From a logical point of view why would would you give users a heads up that you intend on messing with their systems and giving them 24 hours to get safeguards in place to protect themselves? It's like someone putting a letter through your front door saying "we're going to rob your house tomorrow at 6pm and there's nothing you can do to stop us".

Agree that you should always ensure you have an up to date (and reliable) backup available of all crucial data in case you do ever get hit by it, but IMO the above isn't any actual infection and just junk mail designed to scare you.
OWASP: Avoiding Hacker Tricks

Learn to build secure applications from the mindset of the hacker and avoid being exploited.

Scott CSenior Engineer
I agree with Andy M.  Looks like phishing and trying to collect money without them having to actually do anything.

Just to be safe, make your backups and keep them off of your system.


Thanks guys,

I was genuinely worried.

I will back up files as you suggested.

nociSoftware Engineer
Distinguished Expert 2018

1) have a backup of a few weeks back stored/secured against removal.   (and NOT CONNECTED to the current network)
2) have DATA ONLY backups for current data....
3) compartimentalize your network,  requiring need to access policies to get from one VLAN to another.
4) check privileges everywhere, no write access unless it is needed...
(THe above should almost be a no-operation as the should be in best practices already).

Prepare a fresh server disconnected from the network that can serve backups (from not connected storage). if needed.
The server should be READONLY access from outside systems when connected.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial