Oscar (United States) asked:
Respond to ransom email virus

How to respond to a ransom email effectively?
A client received a ransom email (the client has a common email address that a few employees log in to via webmail to respond to customer inquiries) that shows their email password and indicates they visited a porn site, that the hacker installed a key logger on their computer and stole their password, and now the hacker requests money in the form of bitcoin or otherwise...
They do have a SonicWALL firewall. I need suggestions: after I changed the email password, do they have to clean every device in the office (10 computers and a server) and install good antivirus on the workstations?
 
Regards.
Oscar
ASKER CERTIFIED SOLUTION
John (Canada) [solution text available only to Experts Exchange members]
Andrew Ceohan:
There's a good chunk of these types of emails lately.

https://blog.barkly.com/new-sextortion-scam-real-passwords-fake-threat

If it was me, I'd still be suspicious and want to dig deeper.  It almost sounds like they don't have AV per your post.  First thing I would do is look at a good AV vendor, I prefer ESET and recently found out it's used at Google.  The second thing I would do is make sure the SonicWALL is up to date firmware wise and security subscription wise.  If you're not using CATP, buy it, if you're not using DPI SSL, look into it.  Once you've verified the environment is indeed good and clean, then change passwords on PCs, emails, etc.  It does not hurt to do this anyway, you should have a password policy in place.  After that, I would look into getting a shared email account set up, as everyone should have their own and only access a shared account for that purpose.
SOLUTION [available only to Experts Exchange members]
This is a common scam.  Some website was hacked where they used that user name and password and now the hacker is using that information as "proof" he's hacked your computer when he has no idea who you are, where you are, or what you've done, hoping you'll fall for it.

Look, there is a non-zero chance they really have done this... but in my OPINION, 99.99% this is part of a scam as I describe above.

What should be done is:

1. Stop sharing the account
2. Use different passwords for every site visited (because now that hacker, if they want, can potentially get in to any site where you used that password)
3. Put in appropriate security measures to prevent future issues.  (Antivirus, firewalls, web filters, training, IPS/IDS systems, etc).
Yes, scam. I had a client that opened a communication line with them, and they got more info; not sure how, but it may be a trick.  I say ignore it.
This so-called ransom mail is a result of sites like LinkedIn being breached.

They are totally bogus. And can be safely ignored.

There are third party sites to see if certain accounts / email addresses have been breached, e.g. https://haveibeenpwned.com/

Run the email address through there and make sure to change the password on any breached site, and possibly any other location that uses the same password.
PS: it happened to me with a very old password on LinkedIn.

PPS: it's wisest to never use the same password on business apps as on social media sites. Instruct your users well.
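As an added example (not from this thread), the check recommended above can also be applied to the password quoted in the extortion email without ever revealing it: haveibeenpwned.com's Pwned Passwords service uses a k-anonymity range protocol in which only the first five hex characters of the password's SHA-1 are sent. The server reply below is a constructed stand-in so the code runs offline; the `fetch`-less design and all counts are assumptions of this demo.

```python
import hashlib
from typing import Dict, Tuple

# Pwned Passwords "range" protocol (k-anonymity), as served by
# https://api.pwnedpasswords.com/range/<prefix>: the client SHA-1-hashes the
# password and sends only the first five hex characters. The server replies with
# every known 35-character suffix under that prefix plus a breach count, so the
# full hash (and the password) never leave the machine doing the check.
PREFIX_LEN = 5


def split_sha1(password: str) -> Tuple[str, str]:
    """Return (prefix, suffix) of the upper-case hex SHA-1 of the password."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def request_path(password: str) -> str:
    """The only thing that goes over the wire: the 5-character prefix."""
    return f"/range/{split_sha1(password)[0]}"


def parse_range_body(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines (CRLF or LF separated) into a dict."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if line:
            suffix, _, count = line.partition(":")
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, ranges: Dict[str, str]) -> int:
    """Look the password up in the range body for its own prefix (0 = not seen)."""
    prefix, suffix = split_sha1(password)
    return parse_range_body(ranges.get(prefix, "")).get(suffix, 0)


# Constructed stand-in for the server: range bodies keyed by prefix. The suffix
# for "password" is its real SHA-1 tail (5BAA6|1E4C9B93F3F0682250B6CF8331B7EE68FD8);
# the neighbouring suffixes and every count are made up for this demo.
SAMPLE_RANGES = {
    "5BAA6": (
        "0" * 34 + "A:3\r\n"
        + "1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234567\r\n"
        + "F" * 34 + "0:1\r\n"
    ),
}

if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(f"{pw!r}: sends {request_path(pw)}, seen {breach_count(pw, SAMPLE_RANGES)} times")
```

In a live check, the body for `request_path(pw)` would be fetched over HTTPS and passed in under its prefix; a non-zero count corroborates the "old breach dump" explanation given in this thread.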
Kimputer:

Please note, a clear sensible mind would've told you already this email is total bollocks.

If you actually read the email, you'd know it DOESN'T make any sense. Use your head. Really.
While there's a pressure mechanism at work, a clear head always prevails. Some people are quite willing to pay the ransom even though:

The email claims the webcam has been hacked, and footage has been recorded. Most people WHO DO NOT HAVE A WEBCAM on their PC, STILL FREAK OUT!!!
The email claims you have to pay, and then your data is deleted. THERE'S NO WAY THAT IF YOU PAY, the other side even knows it's you who paid. There's no way for you to let "the ransom holder" know that you paid from this bitcoin address etc etc, and he should delete this specific personal data. This is a one way communication!!! (They use your own email address as reply address as "proof")

Despite these holes (there are many many more), people are just willing to pay up, it's really just unbelievable. It doesn't matter how many other untruths there are, people keep falling for it.
SOLUTION [available only to Experts Exchange members]
When sites get breached, their username/email and password lists are dumped and available on the dark web or via pastebin, then everyone is sent the email. Given the cost of email these days (almost nothing), anyone that pays is pure profit for next to no effort. Report the bitcoin address to the authorities, i.e. the FBI.  They may take action or just tell you to delete the email and continue on with your life.
Oscar (asker):
Thank you all. I ignored the email.
You're welcome!

Ignoring ransomware email == Good choice!