Oscar asked:

respond to ransom Email Virus

How to respond to a ransom email effectively?
A client received a ransom email (the client has a common email address that a few employees log in to via webmail to respond to their customers' inquiries) that shows their email password and claims they visited a porn site, that the hacker installed a keylogger on their computer and stole their password, and now the hacker requests money in the form of bitcoin or otherwise...
They do have a SonicWALL firewall. I need a suggestion: after I changed the email password, do they have to clean every device in the office (10 computers and a server) and install good antivirus on the workstations?
 
Regards.
Oscar
Tags: virus cleanup, Security

Last comment: David Favor, 8/22/2022 (Mon)
ASKER CERTIFIED SOLUTION
John

Andrew Ceohan

There's a good chunk of these types of emails lately.

https://blog.barkly.com/new-sextortion-scam-real-passwords-fake-threat

If it was me, I'd still be suspicious and want to dig deeper.  It almost sounds like they don't have AV per your post.  First thing I would do is look at a good AV vendor; I prefer ESET and recently found out it's used at Google.  The second thing I would do is make sure the SonicWALL is up to date firmware-wise and security-subscription-wise.  If you're not using CATP, buy it; if you're not using DPI SSL, look into it.  Once you've verified the environment is indeed good and clean, then change passwords on PCs, emails, etc.  It does not hurt to do this anyway; you should have a password policy in place.  After that, I would look into getting a shared email account set up, as everyone should have their own and only access a shared account for that purpose.
SOLUTION
David Favor

Lee W, MVP

This is a common scam.  Some website was hacked where they used that user name and password and now the hacker is using that information as "proof" he's hacked your computer when he has no idea who you are, where you are, or what you've done, hoping you'll fall for it.

Look, there is a non-zero chance they really have done this... but in my OPINION, 99.99% this is part of a scam as I describe above.

What should be done is:

1. Stop sharing the account
2. Use different passwords for every site visited (because now that hacker, if they want, can potentially get into any site where you used that password)
3. Put in appropriate security measures to prevent future issues.  (Antivirus, firewalls, web filters, training, IPS/IDS systems, etc).
Dan

Yes, scam. I had a client that opened a communication line with them, and they got more info, not sure how, but it may be a trick.  I say ignore it.
J Spoor

This so-called ransom mail is a result of sites like LinkedIn being breached.

They are totally bogus. And can be safely ignored.

There are third party sites to see if certain accounts / email addresses have been breached, e.g. https://haveibeenpwned.com/

Run the email address through there and make sure to change the password on any breached site, and possibly any other location that uses the same password.
J Spoor

PS: it happened to me with a very old password on LinkedIn.

PPS: it's wisest to never use the same password on business apps as on social media sites. Instruct your users well.
Kimputer

Please note, a clear, sensible mind would've told you already this email is total bollocks.

If you actually read the email, you'd know it DOESN'T make any sense. Use your head. Really.
While there's a pressure mechanism at work, a clear head always prevails. Some people are quite willing to pay the ransom even though:

The email claims the webcam has been hacked, and footage has been recorded. Most people WHO DO NOT HAVE A WEBCAM on their PC, STILL FREAK OUT!!!
The email claims you have to pay, and then your data is deleted. THERE'S NO WAY THAT IF YOU PAY, the other side even knows it's you who paid. There's no way for you to let "the ransom holder" know that you paid from this bitcoin address etc. etc., and that he should delete this specific personal data. This is one-way communication!!! (They use your own email address as the reply address as "proof".)

Despite these holes (there are many many more), people are just willing to pay up, it's really just unbelievable. It doesn't matter how many other untruths there are, people keep falling for it.
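A defender-side mail filter built from the tells the replies above point out (a leaked password quoted as "proof", a keylogger/webcam claim, a bitcoin demand with a deadline, and the recipient's own address used as sender). This is an added example, not code from any poster; both sample messages, the password and the bitcoin address in them are constructed placeholders.

```python
import re
from email import message_from_string

# Constructed sample modelled on the sextortion mail discussed in this thread.
# The password and the bitcoin address are placeholders, not real values.
SCAM_EMAIL = """From: info@example-client.test
To: info@example-client.test
Subject: info@example-client.test - Hunter2pass

I know Hunter2pass is your password. I installed a keylogger when you
visited an adult site and recorded you through your webcam.
Pay $900 in bitcoin to 1FakeBtcAddrForDemoXXXXXXXXXX within 24 hours
or the video goes to all your contacts.
"""

# Constructed ordinary customer inquiry, for contrast.
BENIGN_EMAIL = """From: customer@example.test
To: info@example-client.test
Subject: Invoice question

Hi, could you resend invoice 4471? I cannot find it in my inbox.
"""

# Body-text indicators; each one is a point raised by the posters above.
INDICATORS = {
    "quotes_password": r"\b(is|was) your password\b|\byour password\b",
    "malware_claim": r"\b(key ?logger|webcam|trojan|malware)\b",
    "adult_site_claim": r"\b(porn|adult) ?(site|website)\b",
    "bitcoin_address": r"\b(bc1[a-z0-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b",
    "payment_deadline": r"\b\d+ ?(hours?|days?)\b",
}


def score_sextortion(raw: str, threshold: int = 3) -> dict:
    """Return which indicators a raw RFC 5322 message triggers and a verdict."""
    msg = message_from_string(raw)
    body = msg.get_payload() if not msg.is_multipart() else ""
    hits = {name: re.search(pat, body, re.I) is not None
            for name, pat in INDICATORS.items()}
    # Spoofed sender: the mail appears to come from the recipient's own
    # address, which the scammer presents as proof of access to the account.
    sender = (msg.get("From") or "").strip().lower()
    recipient = (msg.get("To") or "").strip().lower()
    hits["sender_is_recipient"] = bool(sender) and sender == recipient
    score = sum(hits.values())
    return {"indicators": hits, "score": score, "likely_scam": score >= threshold}
```

The threshold of three matching indicators is an assumption; a single hit (a deadline, say) is common in legitimate mail, while the combination is what marks the template.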
David Johnson, CD

When sites get breached, their username/email and password lists are dumped and made available on the dark web or via pastebin, then everyone is sent the email. Given the cost of email these days (almost nothing), anyone that pays is pure profit for next to no effort. Report the bitcoin address to the authorities, i.e. the FBI.  They may take action or just tell you to delete the email and continue on with your life.
Oscar

ASKER
Thank you all. I ignored the email.
David Favor

You're welcome!

Ignoring ransomware email == Good choice!