WannaSpam – Beware messages from WannaCry-Hack-Team, it is the last hoax

Pierluigi Paganini June 24, 2018

WannaSpam – Many users have received a mysterious message that claims their PC was infected by WannaCry Ransomware. Crooks ask victims to pay a ransom, but it’s a scam.

Many users have received a mysterious message from a group that called itself the “WannaCry-Hack-Team” that claims that WannaCry Ransomware has returned.

The mail informs the recipients that their computer has been infected and ask them the payment of a ransom to avoid their files being deleted.

WannaSpam

This is a classic spam campaign that leverages the infamous notoriety of the WannaCry ransomware, for this reason, experts tracked it as WannaSpam.

The recipient’s computer is not infected so they only need to ignore the message and delete it.

On Reddit users reported to have received WannaSpam messages, the emails use different subjects to trick victims into pay the ransom.

Some of the subjects used are “!!!Attantion WannaCry!!!”, !!!WannaCry-Team Attantion!!!”, “Attantion WannaCry”, “WannaCry Attantion!”, or “WannaCry-Team Attantion!!!”.

Experts noticed a typo error in the word “Attention” that is reported in the email messages as “Attantion”.

The spammers ask victims the payment of a .1 bitcoin ransom, once the victims have made the payment will be instructed to send an email to  [email protected].

In case the recipients will not pay the ransom, the data will be deleted in 24 hours.

The expert  from BleepingComputer that reported the news also published a number of bitcoin addresses used by crooks behind WannaSpam campaign.

Below some of the bitcoin address used by crooks:

The good news is that at the time of writing there are users that were deceived by the WannaSpam, anyway, it is very important to spread the news of this new malicious initiative.

Below an example of WannaSpam message:

From: WannaCry-Hack-team [redacted]
Sent: 21 June 2018 10:36
To: [REDACTED]
Subject: WannaCry Attantion!

Hello! WannaCry returned! All your devices were cracked with our program installed on them. We have made improvements for operation of our program, so you will not be able to regain the data after the attack.

All the information will be encrypted and then erased. Antivirus software will not be able to detect our program, while firewalls will be impotent against our one-of-a-kind code.

Should your files be encrypted, you will lose them forever.

Our program also outspreads through the local network, erasing data on all computers connected to the network and remote servers, all cloud-stored data, and freezing website operation. We have already deployed our program on your devices.

Deletion of your data will take place on June 22, 2018, at 5:00 - 10:00 PM. All data stored on your computers, servers, and mobile devices will be destroyed. Devices working on any version of Windows, iOS, macOS, Android, and Linux are subject to data erasion.

In order to ensure against data demolition, you can pay 0.1 BTC (~$650) to the bitcoin wallet:1Mvz5SVStiE6M7pdvUk9fstDn1vp4fpCEg

You must pay in due time and notify us about the payment via email until 5:00 PM on June 22, 2018. After payment confirmation, we will send you instructions on how to avoid data erasion and such situations in future. In case you try to delete our program yourself, data erasion will commence immediately.

To pay with bitcoins, please use localbitcoins.com or other similar services, or just google for other means. After payment write to us: [[email protected]](mailto:[email protected])

If you receive a WannaSpam email delete it!

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – scam, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment