From groggyhimself@lemis.com Tue Nov 27 14:42:49 2018
Date: Tue, 27 Nov 2018 14:42:49 +1100
From: Greg 'groggy' Lehey
To: abuse@netvigator.com, dnsadmin@netvigator.com
Subject: Ransomware attempt from your network
Message-ID: <20181127034249.GA74100@eureka.lemis.com>
References: <002701d4857c$055cecd0$653c50ba$@lemis.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="Pd0ReVV5GZGQvF3a"
Content-Disposition: inline
In-Reply-To: <002701d4857c$055cecd0$653c50ba$@lemis.com>
Organization: LEMIS, 29 Stones Road, Dereel, VIC, Australia
Phone: +61-3-5309-0418
Mobile: +61-490-494-038. Use only as instructed.
WWW-Home-Page: http://www.lemis.com/grog
X-PGP-Fingerprint: 9A1B 8202 BCCE B846 F92F 09AC 22E6 F290 507A 4223
User-Agent: Mutt/1.6.1 (2016-04-27)
Status: RO
Content-Length: 3785
Lines: 101


--Pd0ReVV5GZGQvF3a
Content-Type: multipart/mixed; boundary="6c2NcOVqGQ03X4Wi"
Content-Disposition: inline


--6c2NcOVqGQ03X4Wi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

I recently received this ransomware attempt.  Given that it's from a
static IP, you should have no difficulty tracking the perpetrator.

I refer to the issue at
http://www.lemis.com/grog/diary-nov2018.php#D-20181127-024727

I'd appreciate feedback

Greg
--
Sent from my desktop computer.
Finger grog@lemis.com for PGP public key.
See complete headers for address and phone numbers.
This message is digitally signed.
If your Microsoft mail program reports problems, please read
http://lemis.com/broken-MUA

--6c2NcOVqGQ03X4Wi
Content-Type: message/rfc822
Content-Disposition: inline

Return-Path:
X-Original-To: groggyhimself@eureka.lemis.com
Delivered-To: groggyhimself@eureka.lemis.com
Received: from eureka.lemis.com (eureka.lemis.com [192.109.197.137])
	by eureka.lemis.com (Postfix) with ESMTP id 578994494B3
	for ; Mon, 26 Nov 2018 14:16:38 +1100 (AEDT)
X-Original-To: groggyhimself@lemis.com
Delivered-To: groggyhimself@lemis.com
Received: from www.lemis.com [208.86.226.86]
	by eureka.lemis.com with POP3 (fetchmail-6.3.26)
	for (single-drop); Mon, 26 Nov 2018 14:16:38 +1100 (AEDT)
Received: from 132.225.76.219.static.netvigator.com
	(132.225.76.219.static.netvigator.com [219.76.225.132])
	by www.lemis.com (Postfix) with ESMTP id 5FD4B1B72851
	for ; Mon, 26 Nov 2018 03:14:43 +0000 (UTC)
From:
To: "no spam!"
Subject: Threat to your security! groggyhimself@lemis.com has been compromised.
Date: 26 Nov 2018 18:16:14 +0700
Message-ID: <002701d4857c$055cecd0$653c50ba$@lemis.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: Acfv6rg6t1kpsr2nfv6rg6t1kpsr2n==
Content-Language: en-us
X-UIDL: ^(X!!f69!!T3E"!EL##!

Hello!

I'm a member of an international hacker group.

As you could probably have guessed, your account groggyhimself@lemis.com
was hacked, because as I messaged you from your account.

On moment of infection groggyhimself@lemis.com was this password: no spam!

Within a period from August 24, 2018 to November 14, 2018, you were
infected by the virus we've created, through an adult website you've
visited.

So far, we have access to your messages, social media accounts, and
messengers.  Moreover, we've gotten full dumps of these data.

We are aware of your little and big secrets...yeah, you do have that.
We saw and recorded your doings on porn websites.  Your tastes are so
weird, you know..

But the key thing is that sometimes we recorded you with your webcam,
syncing the recordings with what you watched!

I think you are not interested show this video to your friends,
relatives, and your intimate one...

Transfer $778 to my Bitcoin wallet: 1HRnCZDJ1coQG31Rni6xNyAoQwzfhndLt1

I guarantee that after that, we'll erase all your "data"!

A timer will start once you read this message.  You have 48 hours to
pay the above-mentioned amount.

Your data will be erased once the money are transferred.
If you do not pay, all dumps of your messages and videos recorded will
be automatically sent to all your contacts found on your devices for
this moment.

Also, the operating system of your device will be suspended.

You should always think about your security.  We hope this case will
teach you to keep your secrets.

Bye!

--6c2NcOVqGQ03X4Wi--

--Pd0ReVV5GZGQvF3a
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAlv8vTkACgkQIubykFB6QiOQwgCeM1Usd0x5XvVHiIwoJ5VSLfvS
1vkAoJu1qBoUQZV/2PjfM4AX64IUTE+H
=/L+0
-----END PGP SIGNATURE-----

--Pd0ReVV5GZGQvF3a--
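Editor's note (added; not part of the report above or of the quoted
message).  The evidence behind "it's from a static IP" is the bottom
Received: line, the one www.lemis.com added when the mail arrived from
219.76.225.132 (132.225.76.219.static.netvigator.com).  The two lines
above it were added by the recipient's own hosts while the mail moved
internally.  Everything the sender controls, the From: line, the
Message-ID ending in @lemis.com, the Date: header and the claim "I
messaged you from your account", proves nothing; note too that the
"password" the scam quotes, "no spam!", is simply the display name
from its own To: header.  The Python below re-parses the quoted headers
to show the steps an abuse desk would take: walk the Received: chain
from the newest line down while the receiving host is one you operate,
take the first hop handed over from an address you do not operate as
the real origin, compare that with the domain From: claims, and compare
the sender's Date: with the actual time of arrival.  The header sample
is constructed from the lines above; the "for <...>" clauses and the
From: address were stripped from the quoted copy, so the former are
left out and the From: address is an assumption matching the scam's own
claim to have used the victim's account.

```python
"""Trace where a forged e-mail really entered the recipient's mail system.

Added example; not part of the abuse report or the quoted message.
"""
import ipaddress
import re
from collections import namedtuple
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Hosts and addresses the recipient operates (taken from the Received:
# lines of the quoted message).  Only Received: lines added *by* these
# hosts can be believed; anything below them was written by the sender.
TRUSTED_HOSTS = {"eureka.lemis.com", "www.lemis.com"}
TRUSTED_NETWORKS = [ipaddress.ip_network("192.109.197.137/32"),  # eureka
                    ipaddress.ip_network("208.86.226.86/32")]    # www
LOCAL_DOMAIN = "lemis.com"

# Constructed sample: headers of the quoted extortion mail, body omitted.
# The "for <...>" clauses were stripped from the quoted copy and are left
# out; the From: address is an ASSUMPTION matching the scam's claim to
# have sent the mail from the victim's own account.
SAMPLE = """\
Received: from eureka.lemis.com (eureka.lemis.com [192.109.197.137])
    by eureka.lemis.com (Postfix) with ESMTP id 578994494B3;
    Mon, 26 Nov 2018 14:16:38 +1100 (AEDT)
Received: from www.lemis.com [208.86.226.86]
    by eureka.lemis.com with POP3 (fetchmail-6.3.26);
    Mon, 26 Nov 2018 14:16:38 +1100 (AEDT)
Received: from 132.225.76.219.static.netvigator.com
    (132.225.76.219.static.netvigator.com [219.76.225.132])
    by www.lemis.com (Postfix) with ESMTP id 5FD4B1B72851;
    Mon, 26 Nov 2018 03:14:43 +0000 (UTC)
From: <groggyhimself@lemis.com>
Subject: Threat to your security! groggyhimself@lemis.com has been compromised.
Date: 26 Nov 2018 18:16:14 +0700
Message-ID: <002701d4857c$055cecd0$653c50ba$@lemis.com>
X-Mailer: Microsoft Outlook 15.0

(body omitted)
"""

Hop = namedtuple("Hop", "from_host ip by when")
RECEIVED_RE = re.compile(r"from\s+(?P<host>\S+)(?P<rest>.*?)\s+by\s+(?P<by>\S+)")


def parse_received(msg):
    """Parse Received: headers, newest first (the order they appear in)."""
    hops = []
    for raw in msg.get_all("Received", []):
        text = " ".join(raw.split())             # unfold continuation lines
        clause, _, stamp = text.rpartition(";")  # timestamp follows the last ';'
        m = RECEIVED_RE.search(clause)
        if not m:
            continue
        ip_m = re.search(r"\[([0-9a-fA-F.:]+)\]", m.group("rest"))
        ip = ipaddress.ip_address(ip_m.group(1)) if ip_m else None
        when = parsedate_to_datetime(re.sub(r"\(.*?\)", "", stamp).strip())
        hops.append(Hop(m.group("host"), ip, m.group("by"), when))
    return hops


def is_trusted(ip):
    return ip is not None and any(ip in net for net in TRUSTED_NETWORKS)


def originating_relay(msg):
    """Hop at which the mail entered our infrastructure from outside.

    Walk downwards while the receiving host is ours; the first hop handed
    over from an address we do not operate is the origin.  Stop at the
    first header not added by us: below that the sender can forge freely.
    """
    for hop in parse_received(msg):
        if hop.by.lower() not in TRUSTED_HOSTS:
            break
        if not is_trusted(hop.ip):
            return hop
    return None


def from_is_forged(msg):
    """From: claims our own domain, yet the mail arrived from outside."""
    domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    return domain == LOCAL_DOMAIN and originating_relay(msg) is not None


def date_skew_seconds(msg):
    """Arrival at our edge server minus the sender's Date: header.

    Negative means the mail arrived before the sender claims to have sent
    it, i.e. Date: (like From:) was set by the sending software.
    """
    claimed = parsedate_to_datetime(msg["Date"])
    return int((originating_relay(msg).when - claimed).total_seconds())


def analyse(raw=SAMPLE):
    """Summarise the sender-controlled claims against the trusted trace."""
    msg = message_from_string(raw)
    relay = originating_relay(msg)
    return {
        "origin_host": relay.from_host,
        "origin_ip": str(relay.ip),
        "entry_server": relay.by,
        "from_forged": from_is_forged(msg),
        "message_id_domain": msg["Message-ID"].strip("<> ").rpartition("@")[2],
        "date_skew_seconds": date_skew_seconds(msg),
        "mailer": msg["X-Mailer"],
    }


if __name__ == "__main__":
    for key, value in analyse().items():
        print(f"{key:18} {value}")
```

Run on the sample, analyse() reports the origin as 219.76.225.132 handed
to www.lemis.com, a From: domain of lemis.com that the trace contradicts,
and a Date: header 8 hours 1 minute later than the actual arrival time
(the +0700 Date: is 11:16 UTC; the mail was received at 03:14 UTC).
Two caveats a practitioner would add: a roaming user submitting through
your own server with authentication (Postfix logs that as ESMTPSA) will
also show a local From: with an outside source address, so check the
protocol word of the entry hop before calling it forged; and only the
Received: lines your own hosts wrote are evidence, which is why the walk
stops as soon as the "by" host is not one you operate.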