Saturday, November 3, 2018

This week's delight

To my absolute delight (warning: may contain large chunks of sarcasm) I received the below in my e-mail a couple of days ago, apparently sent by myself to myself.

Sensitive details have been changed to protect the privacy of the aforementioned sarcastic.


I greet you!

I have bad news for you.
06/28/2018 - on this day I hacked your operating system and got full access to your account [username@domain.com] On that day your account ([username@domain.com]) password was: [password]

It is useless to change the password, my malware intercepts it every time.

How it was:
In the software of the router to which you were connected that day, there was a vulnerability.
I first hacked this router and placed my malicious code on it.
When you entered in the Internet, my trojan was installed on the operating system of your device.

After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).

A month ago, I wanted to lock your device and ask for a small amount of money to unlock.
But I looked at the sites that you regularly visit, and came to the big delight of your favorite resources.
I'm talking about sites for adults.

I want to say - you are a big pervert. You have unbridled fantasy!

After that, an idea came to my mind.
I made a screenshot of the intimate website where you have fun (you know what it is about, right?).
After that, I took off your joys (using the camera of your device). It turned out beautifully, do not hesitate.

I strongly believe that you would not like to show these pictures to your relatives, friends or colleagues.
I think $996 is a very small amount for my silence.
Besides, I spent a lot of time on you!

I accept money only in Bitcoins.
My BTC wallet: 15ZHnf1MPn6ybb8yUeAoCQ1AJtiKhg3NrP

You do not know how to replenish a Bitcoin wallet?
In any search engine write "how to send money to btc wallet".
It's easier than send money to a credit card!

For payment you have a little more than two days (exactly 50 hours).
Do not worry, the timer will start at the moment when you open this letter. Yes, yes .. it has already started!

After payment, my virus and dirty photos with you self-destruct automatically.
Narrative, if I do not receive the specified amount from you, then your device will be blocked, and all your contacts will receive photos with your "joys".

I want you to be prudent.
- Do not try to find and destroy my virus! (All your data is already uploaded to a remote server)
- Do not try to contact me (this is not feasible, I sent you an email from your account)
- Various security services will not help you; formatting a disk or destroying a device will not help either, since your data is already on a remote server.

P.S. I guarantee you that I will not disturb you again after payment, as you are not my single victim.
This is a hacker code of honor.

From now on, I advise you to use good antiviruses and update them regularly (several times a day)!

Don't be mad at me, everyone has their own work.
Farewell.

Apart from being a well-known internet scam, this kind of fails the credibility test when you consider that it apparently took three months for them to try extorting me, the two day "threat" somehow starts after I open a text e-mail, somehow "hacking a router" enabled them to compromise my operating system, and none of my PCs have webcams - only my phone and tablet, and good luck hacking those.

The e-mail came from 51.37.3.164 which is in Vodafone Ireland's RIPE block, but who knows if it was a script kiddy user or the end of a VPN tunnel.

inetnum:         51.37.0.0 - 51.37.15.255
netname:         VODAFONE-IRELAND-INFRA
descr:           Vodafone Ireland Limited
country:         IE
org:             ORG-EL3-RIPE
admin-c:         AD2783-RIPE
tech-c:          AD2783-RIPE
status:          LEGACY
mnt-by:          EIRCELL-ASNMNT
created:         2016-10-27T12:23:39Z
last-modified:   2016-10-27T12:23:39Z
source:          RIPE

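As an added example (not part of the original post), this is the check I would script rather than eyeball: parse the RIPE inetnum record above, confirm the sender address actually falls inside the stated range, and collapse the range to CIDR form for a firewall or mail-filter rule. The record text is the page's own whois output embedded as a constructed string; the function names are my own.

```python
"""Check whether a sender IP falls inside a RIPE inetnum record."""
import ipaddress

# Constructed sample: the inetnum record quoted in the post, as whois prints it.
SAMPLE_RECORD = """\
inetnum:         51.37.0.0 - 51.37.15.255
netname:         VODAFONE-IRELAND-INFRA
descr:           Vodafone Ireland Limited
country:         IE
org:             ORG-EL3-RIPE
admin-c:         AD2783-RIPE
tech-c:          AD2783-RIPE
status:          LEGACY
mnt-by:          EIRCELL-ASNMNT
created:         2016-10-27T12:23:39Z
last-modified:   2016-10-27T12:23:39Z
source:          RIPE
"""


def parse_ripe_record(text):
    """Turn 'key: value' lines into a dict; a repeated key becomes a list."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("%"):  # RIPE comment lines start with %
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key in record:
            if isinstance(record[key], list):
                record[key].append(value)
            else:
                record[key] = [record[key], value]
        else:
            record[key] = value
    return record


def inetnum_range(record):
    """Split the 'first - last' inetnum field into two address objects."""
    first, _, last = record["inetnum"].partition("-")
    return ipaddress.ip_address(first.strip()), ipaddress.ip_address(last.strip())


def describe_source(ip, record):
    """Return a summary if ip lies inside the record's range, else None."""
    lo, hi = inetnum_range(record)
    addr = ipaddress.ip_address(ip)
    if not (lo <= addr <= hi):
        return None
    return {
        "ip": str(addr),
        "netname": record["netname"],
        "country": record["country"],
        "range": f"{lo} - {hi}",
        # The range may not be a single CIDR block; summarize handles that.
        "cidrs": [str(n) for n in ipaddress.summarize_address_range(lo, hi)],
    }


if __name__ == "__main__":
    rec = parse_ripe_record(SAMPLE_RECORD)
    print(describe_source("51.37.3.164", rec))
```

Membership in the allocation only tells you who administers the block, which is the point the post makes: it says nothing about whether the address was a subscriber's machine or a VPN endpoint.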
What's irritating is that the password was correct.  It's one I've used for years for low-grade crap I don't really care about like internet forums and e-tailers.  Some idiot has had their database stolen and sold, and now every script kiddy out there is e-mailing the contact details on it, hoping someone is credulous and stupid enough to actually pony up some cash.

So after dumping the contents out of LastPass and sadly staring at all the instances of [password], I got to spend a merry three hours logging into every one of the 37 resources where I used it, changing the password to a complex unique one, updating LastPass, and testing everything.

At least the next time around I will be able to tell who the data leak is from by the unique password.
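The three-hour audit above is the part worth automating. As an added example (my code, not the post's), this script takes a password-manager CSV export, groups entries by password so every reuse cluster is visible at once, lists exactly which sites still use the password that arrived in the scam e-mail, and computes the SHA-1 prefix that the Have I Been Pwned range API accepts, so a breach check never sends the full hash off the machine. It assumes an export with url, username and password columns (LastPass's export uses those names among others); the rows below are constructed, and the network call to HIBP is left out so the block runs offline.

```python
"""Audit a password-manager CSV export for reused and leaked passwords."""
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export with the column names LastPass uses (assumption).
SAMPLE_EXPORT = """\
url,username,password,extra,name,grouping,fav
https://forum.example.net,alice,hunter2,,Forum,Low value,0
https://shop.example.com,alice@example.com,hunter2,,Shop,Low value,0
https://bank.example.org,alice,Tr0ub4dor&3-unique,,Bank,Finance,1
https://mail.example.com,alice,hunter2,,Mail,Critical,1
"""


def load_export(csv_text):
    """Parse the CSV text into a list of row dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def group_by_password(rows):
    """Map each password to the URLs that use it; empty passwords are skipped."""
    groups = defaultdict(list)
    for row in rows:
        pw = (row.get("password") or "").strip()
        if pw:
            groups[pw].append(row["url"])
    return groups


def reused_passwords(rows):
    """Return {password: [urls]} for every password used at more than one site."""
    return {pw: urls for pw, urls in group_by_password(rows).items() if len(urls) > 1}


def sites_using(rows, leaked_password):
    """Sites that still use the password quoted in the extortion e-mail."""
    return [row["url"] for row in rows if (row.get("password") or "").strip() == leaked_password]


def hibp_range_prefix(password):
    """Split the uppercase SHA-1 hex digest into the 5-char prefix sent to
    HIBP's range endpoint and the 35-char suffix matched locally against
    the returned list. Only the prefix ever leaves the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def audit_report(rows, leaked_password):
    """Combine the checks into one structure suitable for a change checklist."""
    return {
        "reused": reused_passwords(rows),
        "leaked_in_use_at": sites_using(rows, leaked_password),
        "hibp_prefix": hibp_range_prefix(leaked_password)[0],
    }


if __name__ == "__main__":
    report = audit_report(load_export(SAMPLE_EXPORT), "hunter2")
    for pw, urls in report["reused"].items():
        print(f"{len(urls)} sites share one password: {', '.join(urls)}")
    print("change first:", report["leaked_in_use_at"])
```

Run it against a real export on an offline machine and delete the export afterwards; the file is plaintext. The reuse clusters give the list of accounts to rotate, and once each site has a unique password the next scam e-mail identifies its leaking source by itself, which is the observation the post ends on.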