WannaCry is back? No, it’s a scam mail

[German]During the last hours I stumbled twice over the keyword WannaCry. What looks like a return of this pest may turn out to be a scam or fraud email campaign. I thought I'd post it here for admins' information.


Two hits on WannaCry

The first impact came during browsing through postings on a German administrator forum, when I came across the article Wannacry – Malwarebytes. The question 'could it be the start of a new WannaCry' sprang into my head. But due to the nature of the forum posting I did not investigate further (the posting asked questions, that no admin will ask after a real WannaCry infection, hitting network computers.

Then I saw the above Tweet, which immediately triggered an 'Ok, an explanation' reaction.

Scammer plays WannaCry

The background to the MalwareTech Tweet is described by The Register in the article WannaCry is back! (Psych. It's just phisher folk doing what they do). Thursday, 21.06.2018 was not only Midsummer. But there was an unusually large wave of phishing emails (at least in Brittain). Action Fraud UK reported over 200 reports of this 'WannaCry attack' until The Register article was created.

IT support companies – apparently mainly based in the UK – have been bombarded with requests from insecure users. The supporters asked the customers to delete the mails and continue working. Black sheep among the supporters took the opportunity to install additional security software for the customer …


Affected users received the e-mail shown in the tweet above. Within the mail, the senders claim that WannaCry is back and that all files on the victim's computer will be encrypted. This can only be avoided by paying 0.1 bitcoins (approx. 650 US dollars). The aim of the message, with a payment deadline of June 22, 2018, is to create panic and collect the money. So if something like this comes to your attention: Just delete the mail and continue with your daily work.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *