Cybercrime Firm Warns of Rising Reports of Fake WannaCry Ransomware
Cybercrime involving cryptocurrencies is on the rise. Today, the U.K.’s national reporting center for fraud and cyber crime, Action Fraud, has issued warnings about a new phishing campaign using the infamous WannaCry ransomware.
Increase in RansomwareAction Fraud claimed last Friday that it had already received 300 reports over the previous two days about the scam emails, which attempt to trick readers into believing they have an infected computer. The emails claim that users’ devices are hacked and that files will be deleted unless a fine is paid in Bitcoin. In reality, the emails are just a phishing exercise used to extort money from unknowing victims.
“The WannaCry emails are designed to cause panic and trick you into believing that your computer is infected with WannaCry ransomware,” Action Fraud said in an alert. “In reality the emails are just a phishing exercise to try and extort money. The emails claim that all of your devices were hacked and your files will be deleted unless you pay a fine to the fraudsters in Bitcoin.”
It was last May when reports surrounding WannaCry’s ransomware attacks first appeared. The attacks infected more than 250,000 computers in 150 countries. In the U.K., the attacks were widely publicized, having disrupted over 1/3 of National Health Service (NHS) Trusts as well as 600 independent practitioners, causing the cancellation of an estimated 19,000 appointments and operations.
Action Fraud has been called upon several times already to warn U.K. citizens of scams using WannaCry as bait — although most happened in the weeks following the initial outbreak. Other examples of attacks saw BT Group-branded phishing emails that urged users to click to confirm a security update apparently carried out by the communications giant to protect them following the initial attacks. Unfortunately, users were tricked.
“One victim fell for the scam after calling a ‘help’ number advertised on a pop-up window. The window which wouldn’t close said the victim had been affected by WannaCry Ransomware,” Action Fraud said. “The victim granted the fraudsters remote access to their PC after being convinced there wasn’t sufficient anti-virus protection. The fraudsters then installed Windows Malicious Software Removal Tool, which is actually free and took £320 as payment.”
Action Fraud offers several tips on how to protect oneself from attacks from WannaCry and similar ransomware:
“If you receive one of these emails, delete it and report it to us. Do not email the fraudsters or make the payment in Bitcoin. Additionally you should always update your Anti-Virus software and operating systems regularly and follow our advice on how to deal with ransomware.”
Crypto and CybercrimeAs NewsBTC reported in March, the largest category of cybercrime involving cryptocurrency so far in 2018 have been exchange-related (see Coincheck hack), which have accounted for up to 27% of attacks.
The second largest group of victims of cybercrime were regular people and businesses. According to the cybersecurity firm Carbon Black, these made up 21% of the total crimes involving cryptocurrency. The most common method used is ransomware like WannaCry, although there are others, like crypto-jacking (illegal coin mining).
According to Helge Husemann, product manager for internet security firm Malwarebytes, crypto-jacking as a form of cybercrime has been on the rise. Just last year YouTube experienced a threefold increase in illegal coin mining via malware-embedded ads.
He also noted that Showtime, Browsealoud, as well as U.K. government websites, and more, fell victim to illegal mining scams. Some of these went undetected for several months, netting the hackers behind the attacks hefty profits.
Husemann said that on average, Malwarebytes has been blocking eight million malicious mining attempts per day — equating to an astonishing 248 million per month.
“The illicit gains from illegal crypto-mining contribute to financing the criminal ecosystem, costing billions of dollars in losses and disruption of business services from compromised assets.”
Featured image from Shutterstock.