A new ransom-based email scam campaign is demanding that all recipients either meet the sender's demands and pay up or die. On 11 December, Spiceworks user Dave Lass shared the campaign with other members of the professional IT industry network. The scam doesn't waste any time in attempting to frighten the recipient. It begins with the subject line "Please read this it can be the most important information in your life." Assuming that the user opens it, they're greeted with a message that appears to come from a hitman who's received an assignment to kill them:
Hello I advise you to take this message seriously, if you value your life, since this is not a joke or a scam. I've been thinking for a long time whether it's worth sending this message to you and decided that after all you still have the right to know. I'll try to be short. I received an order to kill you, because your activity causes trouble to a particular person. I studied you for quite a time and made a decision to give you a chance, despite the specifics of my job, the business rules of which do not allow me to do this, as this will kill my reputation (more 12 years of perfect order executions)in certain circles. But i decided to break a rule since this is my last order (at least I do hope so). In general, let's Break it down. I want you to pay the amount of 0.5 Btc. I accept btc. Information how to forward you can find in Google. Here are my payment details: 168firBiYcezkNhpe2CEie3JgjzvF2bfZP When i will receive funds I'll send you the name of the man order came from, as well as all the evidence i have. You will be able to use them with the police. I would not suggest you to call the police, because you have a little time (2 days) and the police simply will not have time to investigate. Answering to this letter does not make sense, i use one-time mailbox, cause i really do care about my anonymity. I'll contact you as soon as i'll getfunds. I really regret that you became my prey.
Naked Security's Mark Stockley is justified to hope that most recipients of this scam would "laugh at its sheer preposterousness." And indeed some have fulfilled that wish. One Spiceworks user Bweber93 who read Lass's post pointed out a contradiction in that the scam says it will provide evidence to the recipient so that they can contact the police but in the next sentence recommends not alerting the authorities. Another known as Dataless joked around by encouraging the hitman to "[p]lease stop by tomorrow and finish the job, my family could use the life insurance money." Yet another user who goes by "DZee" perhaps had the best response with a take on the movie Taken:
Besides, I know a guy with a very particular set of skills. Skills he has acquired over a very long career. Skills that make him a nightmare for people like you. If you forget about this now that'll be the end of it. He will not look for you, he will not pursue you, but if you don't, he will look for you, he will find you and he will take all your bitcoins.
Even so, there's still the fear that someone could fall for the scam given the stakes involved and pay the 0.5 BTC ransom, a demand which as of this writing is worth 8,625 USD. Fortunately, no one has fallen for the scam yet and sent money to the attackers' Bitcoin wallet. Let's hope it stays that way.
With that said, organizations should implement email filtering solutions to prevent these types of messages from getting through. At the risk of someone hacking their email server and sending out these types of scams, they should also take steps to protect their domain name, efforts which should include familiarizing themselves with pharming and other common phishing attacks. Lastly, they should consider implementing foundational controls that, among other things, monitor their accounts for suspicious logins. You can learn more about one set of security measures and how they work with Tripwire's solutions here.
