WannaCry ransomware scam tries to extort money without actually infecting your computer

They couldn’t even be bothered to write the malware.

WannaCry ransomware scam tries to extort money without actually infecting your computer

Someone is trying to pull a fast one, attempting to trick unsuspecting users into paying a ransom… even though they *haven’t* infected your computer with ransomware.

I’m indebted to a reader for forwarding me the following email that appears to have been spammed out to computer users, threatening to destroy “all
data stored on your computers, servers, and mobile devices.”

Wannacry email

Sign up to our free newsletter.
Security news, advice, and tips.

The email, reproduced below, claims that the notorious WannaCry virus is back – and unlike its earlier incarnation it doesn’t just infect Windows computers.

Here is part of the email that has been sent out to people:

Hello! WannaCry is back! All your devices were cracked with our program installed on them. We have improved operation of our program, so you will not be able to get your data back after the attack.

All the information will be encrypted and then erased. Antivirus software will not be able to detect our program, while firewalls will be forceless against our unique code. Should your files be encrypted, you will lose them forever.

Our program also expands through the local network, erasing data on all computers connected to the network and remote servers, all cloud-stored data, and freezing website operation. We have already deployed our program on your devices.

Deletion of your data will take place on June 22, 2018, at 5:00 – 10:00 PM. All data stored on your computers, servers, and mobile devices will be destroyed. Devices working on any version of Windows, iOS, macOS, Android, and Linux are subject to data erasion. In place to prevent data demolition, you can pay 0.1 BTC (~$650) to the bitcoin wallet: [REDACTED]

You must pay timely and notify us about the payment via email until 5:00 PM on June 22, 2018. After payment confirmation, we will send you instructions on how to avoid data erasion and such situations from now forward. Should you try to delete our program yourself, data erasion will commence shortly.

Of course, the email is nonsense. There isn’t a version of WannaCry that infects Windows, Macs, Linux, iOS, and Android devices.

Whoever is behind this malware campaign is simply hoping that a small percentage of recipients will be fooled into paying up. If enough do, the scammers will make a tidy profit – without having had to make the effort of actually writing any malware!

Of course, it still makes sense for everyone to follow security best practices, keep your anti-virus updated, and systems patched.

But is this email really about a new incarnation of WannaCry? Nah.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

2 comments on “WannaCry ransomware scam tries to extort money without actually infecting your computer”

  1. Chiny

    I had one of these emails using a most unlikely (but real) To: address. Personally I run RansomeWhere as an additional defence, so I'm not panicking yet.

    Incidentally, why do *all* scams involve flaky English ?

    RansomeWhere (no connection, just a humble user)

  2. furriephillips

    I've seen this a fair bit, and just forward them on with a phishing report tool.

    It's like spam, where they deliberately (or accidentally – who cares), use language and spelling that keeps their victim pool in the same arena as other spam/419 scams. Like a digital Darwin Awards; it must work for them, or they'd adapt..

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.