[German]During the last hours I stumbled twice over the keyword WannaCry. What looks like a return of this pest may turn out to be a scam or fraud email campaign. I thought I'd post it here for admins' information.
Advertising
Two hits on WannaCry
The first impact came during browsing through postings on a German administrator forum, when I came across the article Wannacry – Malwarebytes. The question 'could it be the start of a new WannaCry' sprang into my head. But due to the nature of the forum posting I did not investigate further (the posting asked questions, that no admin will ask after a real WannaCry infection, hitting network computers.
Scriptkiddies sending out emails pretending to be WannaCry telling people if they don't pay their files will be deleted https://t.co/FkLETQqdml
— MalwareTech (@MalwareTechBlog) 21. Juni 2018
Then I saw the above Tweet, which immediately triggered an 'Ok, an explanation' reaction.
Scammer plays WannaCry
The background to the MalwareTech Tweet is described by The Register in the article WannaCry is back! (Psych. It's just phisher folk doing what they do). Thursday, 21.06.2018 was not only Midsummer. But there was an unusually large wave of phishing emails (at least in Brittain). Action Fraud UK reported over 200 reports of this 'WannaCry attack' until The Register article was created.
IT support companies – apparently mainly based in the UK – have been bombarded with requests from insecure users. The supporters asked the customers to delete the mails and continue working. Black sheep among the supporters took the opportunity to install additional security software for the customer …
Advertising
We are receiving reports this morning of a #wannacry threat email being widely received.
It is designed to cause panic resulting in payment of their empty threat.
If you have concerns speak with your IT company.
Finally – use this as an opportunity to review your backups! pic.twitter.com/GQSOCmwdk1
— Pro-Networks (@pronetworksuk) 21. Juni 2018
Affected users received the e-mail shown in the tweet above. Within the mail, the senders claim that WannaCry is back and that all files on the victim's computer will be encrypted. This can only be avoided by paying 0.1 bitcoins (approx. 650 US dollars). The aim of the message, with a payment deadline of June 22, 2018, is to create panic and collect the money. So if something like this comes to your attention: Just delete the mail and continue with your daily work.
