hackers may try to steal your data: what to do

A fake hack with a ransom demand

I was on my way home from work one day and decided to check my mail on the ride. The Inbox was empty, but one message had strayed into the Spam folder. I opened it and saw the following text:

So I’m a hacker who broke your e mail as well as device a couple of months back.

You entered your pwd on one of the websites you visited, and I intercepted it.

This is your security password of my_email@email.com on moment of compromise: rkdsjw2c3t

However you can change it, or even already changed it.

Nonetheless this doesn’t mean much, my malicious software updated it each and every time.

Do not really try to make contact with me or even find me, it is impossible, since I sent this email from your account.

By means of your own e-mail, I uploaded harmful code to your Operation System.

I saved your entire contacts with friends, co-workers, loved ones plus a full history of visits to the Online resources.

As well I set up a Trojan on your system.

You are not my only prey, I commonly lock pcs and ask for the ransom.

Nonetheless I was struck through the internet sites of close content material that you frequently visit.

I am in surprise of your own fantasies! I’ve never noticed anything at all like this!

Thus, when you had enjoyment on piquant web sites (you know what I mean!) I made screenshot with utilizing my program from your camera of yours device.

There after, I combined them to the content of the currently seen site.

Now there is going to be laughter when I send these images to your connections!

Yet I know you wouldn’t want that.

Consequently, I expect payment from you intended for my quiet.

My BTC wallet address: 1DpMeAFiLPVBp5ohwAqJALFLQrVQcfK77f

After receiving the given amount, all your details will be right away eliminated automatically. My trojan will also eliminate itself from your os.

My Computer virus have auto alert, so I know when this particular e-mail is read.

I give you 2 days (Forty eight hours) in order to make the payment.

PS I can present you with recommendation with regard to the future. Do not key in your passwords on risky web-sites.

I expect for your discretion.

The e-mail address and password I have of course changed; the rest of the text is left exactly as it was.
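The first letter, as received, has an invisible zero-width non-joiner (U+200C) inserted inside nearly every word: the text renders normally on screen, but a filter looking for words such as "hacker" or "password" never sees them. The following is an added example (mine, not part of the original post) that normalises such text and counts the hidden characters before matching it against a list of typical sextortion phrases; the sample string and the phrase list are both constructed for this demonstration.

```python
import unicodedata

# Constructed sample, modelled on the obfuscation in the first letter:
# a U+200C ZERO WIDTH NON-JOINER is inserted inside most words.
ZWNJ = "\u200c"
SAMPLE = (
    f"So{ZWNJ} I'm a{ZWNJ} ha{ZWNJ}cke{ZWNJ}r who{ZWNJ} bro{ZWNJ}ke{ZWNJ} "
    f"yo{ZWNJ}u{ZWNJ}r e{ZWNJ} ma{ZWNJ}i{ZWNJ}l."
)

# Constructed list of phrases that recur in this kind of mail.
SEXTORTION_PHRASES = ("hacker", "password", "screenshot", "btc wallet",
                      "48 hours", "camera")


def strip_format_chars(text):
    """Remove Unicode format characters (category Cf: zero-width joiner and
    non-joiner, soft hyphen, bidi marks, ...) and report how many were found.
    A high count in ordinary prose is itself a strong spam signal."""
    kept = []
    removed = 0
    for ch in text:
        if unicodedata.category(ch) == "Cf":
            removed += 1
        else:
            kept.append(ch)
    return "".join(kept), removed


def suspicious_phrases(text):
    """Phrases that are only visible after normalisation: a naive filter run on
    the raw text would not match 'hacker' in 'ha<ZWNJ>cke<ZWNJ>r'."""
    clean, _ = strip_format_chars(text)
    low = clean.lower()
    return [p for p in SEXTORTION_PHRASES if p in low]


if __name__ == "__main__":
    clean, removed = strip_format_chars(SAMPLE)
    print(f"removed {removed} hidden characters")
    print("normalised:", clean)
    print("matches:", suspicious_phrases(SAMPLE))
```

The same normalisation is worth applying before any keyword or hash-based comparison of mail bodies, since the hidden characters also change every content hash.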

What is the point of the letter? You are about to find out.

The first thing I noticed, of course, was that it gave my e-mail address and my real password, one I had used some 7-8 years ago. But one character was missing from that password. That confused me a little, especially since this very simple password had only been used for unimportant services.

Then, in the style of little articles from the magazine Hacker, the letter moves on to intimidation: this "hacker" has broken into my computer and installed a trojan on it that is constantly updated and will probably get its first service pack soon.

Next the hacker threatens that he took screenshots while I was visiting "piquant sites" and that he will send those screenshots to all my friends, purely for laughs.

Oh, what an evil hacker!

I read the letter and went... no, not to hell, but to buy bread. I wandered around the shop for another hour or so and then remembered: the hacker had asked me not to waste time, and I had 48 hours. I got home, ate, spent a couple of hours on YouTube and remembered the hacker again. No, not the magazine Hacker, but the reader of it who had scribbled this letter. All right, I thought, and decided to work out why and under what circumstances my seven-year-old password had leaked, and not the whole thing but only its first ten characters (my password was longer than ten characters).

First I went to the Have I Been Pwned site and entered my e-mail address there:

Wow, it turns out my e-mail had shown up in leaked databases from four leaky sites. I scroll down:

The first three sites I ruled out immediately, since I had never used them, but MySpace was an unpleasant surprise. It turns out that back in 2008 there was a data breach in which the data of almost 360 million users leaked. That data included e-mail addresses, usernames and SHA1 hashes of the first 10 characters of the password. Only in 2016 did this data go on sale on the "Real Deal".

So that is where the first ten characters of my password leaked from, and the mystery solved itself.
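The same check can be run from a script, and the truncated hash shows why such a leak can only ever expose a password prefix. This is an added example, not from the original post: the Pwned Passwords service behind Have I Been Pwned answers range queries at https://api.pwnedpasswords.com/range/<prefix>, where only the first five hex characters of the SHA-1 hash leave the machine (k-anonymity), and `truncated_sha1` mirrors the text's description of the MySpace data as SHA1 of the first 10 characters. The leaked-password table and its counts are constructed, and the offline `fake_fetch_range` stands in for the HTTP request.

```python
import hashlib


def sha1_hex(text):
    """Upper-case hex SHA-1, the form the Pwned Passwords range API uses."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()


def truncated_sha1(password, keep=10):
    """Hash of only the first `keep` characters, as the text describes the
    MySpace data: two passwords that agree on their first 10 characters give
    the same stored hash, so cracking it reveals at most that prefix."""
    return sha1_hex(password[:keep])


# Constructed stand-in for the leaked-password database. The real service
# returns, for a 5-hex-char prefix, one "<35 hex suffix>:<count>" line per
# leaked hash that starts with that prefix. Counts here are made up.
_CONSTRUCTED_LEAK = {"123456": 23597311, "password": 3730471, "1234567890": 3}
_FAKE_DB = {}
for _pw, _count in _CONSTRUCTED_LEAK.items():
    _h = sha1_hex(_pw)
    _FAKE_DB.setdefault(_h[:5], []).append(f"{_h[5:]}:{_count}")


def fake_fetch_range(prefix):
    """Offline replacement for the HTTP GET; returns the response body."""
    return "\r\n".join(_FAKE_DB.get(prefix, []))


def real_fetch_range(prefix):
    """Live lookup against the real API (not used by the offline run)."""
    import urllib.request
    url = "https://api.pwnedpasswords.com/range/" + prefix
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password, fetch_range=fake_fetch_range):
    """k-anonymity lookup: send the 5-char prefix only, match the remaining
    35 characters locally. Returns how often the password was seen in leaks."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        if not line.strip():
            continue
        candidate, _, count = line.partition(":")
        if candidate.strip() == suffix:
            return int(count)
    return 0


if __name__ == "__main__":
    for pw in ("123456", "1234567890", "a-long-constructed-passphrase-8817"):
        print(pw, "seen", pwned_count(pw), "times (constructed data)")
    # Different passwords, identical truncated hash: the leak cannot tell them apart.
    print(truncated_sha1("correcthorsebattery") == truncated_sha1("correcthorse"))
```

Passing `real_fetch_range` as `fetch_range` turns this into a live check without changing what leaves the machine: still only the five-character prefix.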

More than 48 hours have passed, and this hacker is still sitting and waiting for his 900 dollars in his bitcoin wallet.

What is this scam counting on? That the victim, seeing this letter in their mailbox, will immediately panic and pay the demanded sum. Only some time later will the victim suspect that they have been deceived.

Don't fall for scammers' tricks; calmly think everything over, ask for advice on a forum, and don't transfer the demanded sum to anyone.

UPD1: Some time later I found a slightly modified letter in my work mailbox:

I have very bad news for you.

On this day your account admin@admin.ru has password: 1234567890

So, you can change the password, yes.. But my malware intercepts it every time.

In the software of the router, through which you went online, was a vulnerability.

I just hacked this router and placed my malicious code on it.

When you went online, my trojan was installed on the OS of your device.

After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).

A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.

But I looked at the sites that you regularly visit, and I was shocked by what I saw.

I’m talk you about sites for adults.

I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?).

After that, I made a screenshot of your joys (using the camera of your device) and glued them together.

Turned out amazing! You are so spectacular!

I’m know that you would not like to show these screenshots to your friends, relatives or colleagues.

Besides, I have been spying on you for so long, having spent a lot of time!

Pay ONLY in Bitcoins!

My BTC wallet: 1FgfdebSqbXRciP2DXKJyqPSffX3Sx57RF

You do not know how to use bitcoins?

Enter a query in any search engine: «how to replenish btc wallet».

It’s extremely easy

For this payment I give you two days (48 hours).

As soon as this letter is opened, the timer will work.

After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically.

If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your «enjoys».


I hope you understand your situation.

— Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)

— Do not try to contact me (you yourself will see that this is impossible, the sender address is automatically generated)

— Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.

P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment!

This is the word of honor hacker

I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.

Do not hold evil! I just do my job.

The letter is quite similar to the first, but in this case my work mailbox had definitely never been exposed anywhere, and the password given had never been used.

In this case the wannabe hacker simply sent letters out at random in the hope that someone would take the bait.

UPD2: A month later another letter arrived, this time with a nonexistent return address:

I am well aware 1234567890 is your password. Lets get straight to purpose. You may not know me and you are probably thinking why you’re getting this email? No person has paid me to check about you.

actually, I actually placed a software on the xxx video clips (pornographic material) web site and do you know what, you visited this web site to have fun (you know what I mean). When you were viewing video clips, your browser initiated working as a RDP that has a key logger which gave me access to your display screen and also cam. Just after that, my software program gathered all your contacts from your Messenger, FB, as well as e-mailaccount. Next I created a video. First part shows the video you were watching (you have a nice taste rofl), and 2nd part shows the recording of your web camera, and its you.

You will have just two possibilities. Shall we go through each one of these options in particulars:

1st option is to disregard this email message. In such a case, I am going to send out your actual video to almost all of your personal contacts and also just consider regarding the disgrace you will definitely get. Do not forget in case you are in an affair, just how it is going to affect?

You will make the payment through Bitcoin (if you don’t know this, search «how to buy bitcoin» in Google).

BTC Address to send to: 1EXotvNDE9f7CJhFNG5A6t1z1K4Zd5mzBd

[case-SENSITIVE, copy & paste it]

If you are looking at going to the law enforcement, anyway, this message cannot be traced back to me. I have taken care of my moves. I am also not looking to ask you for very much, I simply want to be paid for.

You now have one day to make the payment. I’ve a specific pixel within this e mail, and right now I know that you have read through this email. If I do not get the BitCoins, I definitely will send out your video recording to all of your contacts including friends and family, co-workers, etc. However, if I receive the payment, I’ll destroy the recording immediately. If you need proof, reply with Yup & I definitely will send your video recording to your 13 contacts. This is a non:negotiable offer, that being said please don’t waste mine time and yours by replying to this e-mail.

The scheme is the same: again the first 10 characters of a password are given, and a ransom is demanded. Most likely this letter is not the last, and a couple more similar ones with slightly altered content will arrive soon.


What to do if your iPhone or iCloud has been hacked

There’s a huge grey area between cyber-criminals and white-hat hackers, who are usually hired by big tech companies to spot and report encryption and security flaws. Hackers aren’t always geniuses, but it’s a common misconception that often prevents both regular users and companies from taking the right measures to prevent cyberattacks or respond appropriately. The truth is that insecure data is relatively easy to hack.

Anybody can be a target to hackers, and the impact of being hacked can be far-reaching, including:

Hacking, phishing, and data theft can be avoided as long as the target knows how to protect themselves. And as much as we love helping users recover their data with iPhone Backup Extractor, we’d rather help you to avoid a data breach situation in the first place.

To keep your data safe, we wrote up a comprehensive article on how to protect your iPhone, Photos and iCloud account, and another on how to prevent companies from legally harvesting your data.

What to do if you have been hacked

If you’ve been hacked, you’ll need to follow these steps:

Contact the police. If someone claims they’ve stolen your data or tries to blackmail you, it’s likely a criminal offence. If someone is bullying your child online or has tried to get in touch with them in any way, contact the police and offer them all the data required. Ask your child whether they gave away personal data (address, family members’ name, school) and do your best to understand the full scope of the issue.

Take back your hacked account. The vast majority of online services have various protection methods to prevent users from losing data or access to their accounts.

Check if the account recovery options have been modified. Hackers may use various recovery options to make sure they can regain access to your account. Remove any suspicious recovery methods and update your account recovery options.

Update the security questions linked to the hacked accounts.

Activate two-factor authentication (2FA) on your devices or on your credit card. With this security feature in place, a hacking attempt is blocked before it starts.

Check all associated accounts. If you discover a hacked account and change the password, this doesn’t mean your data is safe. You need to check all accounts associated with the hacked email, because all of your associated accounts are vulnerable. For example, someone could access your cloud account if it is associated with the hacked email. Make sure you also update these credentials. Similarly, if you use the same password for multiple accounts, change the password for all accounts that use it, not just your hacked account.


De-authorize apps able to access these accounts. Sometimes an infected app is responsible for the hacking. By removing them or disabling the access to the hacked account you can avoid future hacks.

Block your credit card. If your credit card data has been exposed or if your account was used by a hacker, block it as soon as possible. Based on a filed police report, your credit card can be blocked by your bank.

Once you’ve taken these immediate steps, look into protecting your accounts and devices from new hacking attempts.

How to recover your data after you’ve been hacked

If you’ve lost your data following a hack, there are a number of things you can try to get it back.

If the ransomware is not one for which an unlocking tool exists, you don’t really have many options. If you have a backup of your data, the best option is usually to wipe your computer and restore from the backup.

Alternatively, if you have the System Restore (Windows) or Time Machine (macOS) options active, you can try to recover the encrypted data with a restore. On Windows, you can also try to retrieve your data using ShadowExplorer which is a tool that searches for shadow copies of your files and allows you to save them. This doesn’t always work as newer ransomware will also seek out and delete the shadow copy backups as part of the infection process.

Whatever you do, always check with an antivirus program that you have removed the malware. If you try to remove the ransomware, you may lose all your encrypted data.

And remember.

If infected with ransomware, never pay up: your money is only going towards funding crime, and in many countries, it’s actually illegal to pay criminals in this way. If criminals see they can get you to pay once, they’ll know they can get you to pay again.

Conclusion

Many cybersecurity risks can be avoided with a little forethought. From clicking an unusual link to handing data to hackers directly by mistake, your reputation, earnings and safety can be put at risk. Follow these recommendations to better protect yourself and your family.


Protect: protection from untrusted certificates

With the Protect system, Yandex Browser checks website certificates. The browser will warn you if the website cannot provide secure encryption of your data due to problems with the certificate.

Why websites need a certificate

Your personal data and payment information should be protected when you send them to a website. Websites use the HTTPS protocol for secure connection. The protocol activates an asymmetric encryption algorithm, where data is encrypted with a public key and decrypted with a private key. For each session, the browser regenerates the private key and transmits it to the website in addition to taking precautionary measures to prevent theft.

However, if you end up on a phishing website, it might get the private key and then decrypt your data. To protect against phishing, websites use digital certificates issued by special certification authorities. The certificate guarantees that the encryption keys actually belong to the website owner.

What makes an untrusted certificate dangerous

You may end up on a phishing website, or your data will not get the necessary protection on the original website (for example, if the website’s certificate has expired). As a result, hackers can:

Block websites with untrusted certificates

If the site can’t guarantee secure encryption due to problems with the site’s certificate, the page won’t open and you’ll see a warning in the SmartBox that a secure connection could not be established. In this case you can decide either not to visit the site or to add the certificate to your list of trusted ones.

Possible reasons for blocking sites

Yandex Browser blocks websites that have the following certificate problems:

This means that the security certificate saved on the server is not for the site that you opened. It’s likely that you ended up on a phishing site. If this is the case, hackers can intercept your data.

This means that the site gave itself a certificate. In this case, malicious software or hackers can intercept your data. To find out more, see Self-signed certificate.

This means that the center that signed the certificate is not trustworthy and can’t guarantee that the site is authentic. Malware or hackers can intercept your data. For more on root certificates, see the article Root Certificate.

If the certificate is expired, the data that is sent will not be encrypted, so attackers can intercept it.

This means that the site’s certificate was compromised and revoked. In this case, the data that is sent will not be encrypted, so attackers can intercept it.

If the server uses an outdated and unreliable encryption algorithm, hackers can intercept your data. Additionally, there is a significant chance that you ended up on a phishing site.

This means that the browser can’t establish an HTTPS connection because the website uses ciphers not supported by the browser. In this case, the data that is sent will not be encrypted, so attackers can intercept it.

This means that the root certificate key doesn’t match the website key. Hackers may try to replace the root certificate. Then they can intercept your data. To find out more about pinning (linking) a key, see HTTP Public Key Pinning.

This means that the browser could not enable encryption and broke off the connection. The server where the website is located normally uses encryption, since the HSTS protocol is enabled on it. Lack of encryption may be a sign of a hacker attack. In this case, hackers or malware can intercept your data.
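The checks behind the first five warnings above (name mismatch, self-signed, untrusted issuer, expired, plus the not-yet-valid case) can be written down in a few lines. The following is an added example, not Yandex Browser's code: it takes a certificate in the dictionary form that Python's `ssl.SSLSocket.getpeercert()` returns and reports which of those problems apply. The certificates and the trusted-root set are constructed. It does not verify signatures, chains or revocation; that is the job of the platform verifier behind `ssl.create_default_context()`, and this code is only meant to make the individual conditions concrete.

```python
import ssl
import time

# Constructed trust store: issuer names this checker accepts as trusted roots.
TRUSTED_ROOT_NAMES = {"Example Trusted Root CA"}

# Constructed certificates in the dict shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("commonName", "Example Trusted Root CA"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.com")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2026 GMT",
}
SELF_SIGNED_CERT = dict(SAMPLE_CERT, issuer=SAMPLE_CERT["subject"])
UNTRUSTED_CERT = dict(SAMPLE_CERT, issuer=((("commonName", "Some Proxy Root"),),))

# Fixed clock values so the results do not depend on when this is run.
VALID_NOW = ssl.cert_time_to_seconds("Jun  1 00:00:00 2025 GMT")
AFTER_EXPIRY = ssl.cert_time_to_seconds("Feb  1 00:00:00 2026 GMT")


def _common_name(rdns):
    """Pull commonName out of the nested RDN tuples of a getpeercert() dict."""
    for rdn in rdns:
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def _dns_match(pattern, hostname):
    """RFC 6125-style match: a wildcard is allowed only as the whole leftmost
    label, so '*.example.com' matches 'shop.example.com' but not 'example.com'."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        parts = hostname.split(".", 1)
        return len(parts) == 2 and parts[1] == pattern[2:]
    return pattern == hostname


def certificate_problems(cert, hostname, trusted_roots=TRUSTED_ROOT_NAMES, now=None):
    """Return the list of problems the browser text describes, in a fixed order."""
    now = time.time() if now is None else now
    problems = []

    # 1. Name mismatch: SANs take precedence; fall back to the subject CN.
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        cn = _common_name(cert.get("subject", ()))
        names = [cn] if cn else []
    if not any(_dns_match(n, hostname) for n in names):
        problems.append("name mismatch")

    # 2. Self-signed (issuer is the subject) or issued by an unknown root.
    if cert.get("subject") == cert.get("issuer"):
        problems.append("self-signed")
    elif _common_name(cert.get("issuer", ())) not in trusted_roots:
        problems.append("untrusted issuer")

    # 3. Validity window.
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    return problems


if __name__ == "__main__":
    for label, cert in (("ok", SAMPLE_CERT), ("self-signed", SELF_SIGNED_CERT),
                        ("untrusted", UNTRUSTED_CERT)):
        print(label, certificate_problems(cert, "www.example.com", now=VALID_NOW))
    print("expired", certificate_problems(SAMPLE_CERT, "www.example.com", now=AFTER_EXPIRY))
```

A real client should not reimplement these rules; the point of the example is that each warning in the list above corresponds to one concrete, checkable condition on the certificate, and that a browser refusing the connection is reacting to exactly these conditions rather than to a vague "unsafe site" heuristic.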

If the certificate author is unknown

In this case, the certificate might have been installed by the network administrator or a random person. You will see the following warning:

If you aren’t sure of the certificate’s trustworthiness, but you want to visit the site, take the following security measures:

If the certificate is installed by the program

Antiviruses, ad blockers, site-monitoring programs and others can substitute their own certificates for those of the website. In order to decrypt traffic, they generate their own root certificate and install it in the operating system, marking it as trusted.

However, a certificate installed by a special program cannot be considered trustworthy, because it does not belong to a trusted certification center. The following are potential dangers:

Yandex Browser warns you about these problems:


If the browser continues to warn you about a suspicious certificate even after disabling HTTPS checks, and you don’t need the program that installed the certificate, try temporarily closing that program.


How hackers steal your data and what to do to protect yourself

In the past, hackers were mostly threats against large companies actively using digital technology in business transactions. The worst that could have happened to an average user was to have data on one’s hard drive lost or to be locked out of one’s operating system. Which isn’t pleasant, but usually manageable.

Well, nowadays everyone uses digital tech for financial transactions, which means that in case of identity theft your problems won’t be limited to losing the family photo collection. Hackers work fast, too — according to 2017 research by the Federal Trade Commission, it took them only nine minutes to attempt to use information from a fake data breach. If your data gets compromised, you won’t have time to react — the only way is to use preventive measures. Here are the most common ways hackers get access to your passwords and data.

1. Brute force attacks

The most primitive and yet still quite effective method. The hacker will simply attempt to guess your password using specialized software that makes many attempts per minute. One would think that after hearing how important strong passwords are for the last few decades, people would be a little bit more careful. However, a recent study shows that at least 10 percent of people use one of the 25 worst passwords in existence, with a whopping 3 percent using the worst of them all — “123456.”

Use longer passwords. Every character you add to a password increases the computing power needed for a successful attack exponentially.

2. Dictionary attacks

This approach uses a file containing a list of words from a dictionary and tries them as passwords one by one. That is why using existing words in the plain text as passwords is a very bad idea — a dictionary attack will guess it in a matter of seconds. Trying to group words together (e.g., “mysuperpassword”) won’t help.

Don’t use simple words and number combinations as passwords. Don’t reuse the same password on many different services, and never use the same password for accounts dealing with financial data and for registrations on shady third-rate services.

3. Guessing

Hackers can specifically use words and numbers that are meaningful to you. As soon as they have any personal information about you, they can use it to guess your passwords based on your potential personal attachment to these words: significant dates, names of loved ones, pets, addresses (current and former), etc. Although an average person is unlikely to be targeted individually, a few minutes’ search across your social media accounts will provide hackers with a frightening amount of personal data.

Although an emotionally meaningful password can be easy to remember, it is easy to guess as well — so avoid using them.

4. Spidering

This approach is more relevant for businesses and companies but can be applied to you personally if you use passwords based on your job at home. Many corporate passwords are based on terminology, slang, and facts relevant to the company or industry in question. At the same time, they are often simplistic enough to be guessed without trying too many permutations. Hackers don’t even have to collect the data manually — they use software similar to the tools used by search engines to identify keywords.

Most of these first four threats are addressed by using strong passwords. But having a different strong password for every registration is next to impossible when there are dozens of them to remember. Using a single password is not an option either — if it gets compromised in one place, all your accounts will be in danger.

Using a password manager to protect your passwords takes the best of both possible worlds. These tools keep all your passwords in a single vault protected by a master password. This way you can have strong and different passwords for every registration while only having to remember your master password.
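To put numbers on the first four attacks, here is an added example (mine, not from the original article) that computes the search space of a random password, shows what one extra character costs an attacker, and segments a password into dictionary words to show why a concatenation such as "mysuperpassword" is far weaker than its length suggests. The wordlist is a constructed eight-word stand-in for the multi-million-entry lists real dictionary attacks use; the guess rate passed to `bruteforce_seconds` is a parameter, not a claim about any particular hardware.

```python
import math
import string

# Constructed eight-word list; real dictionary attacks use millions of entries.
WORDLIST = {"my", "super", "password", "hello", "world", "admin", "love", "summer"}


def keyspace_bits(length, alphabet_size):
    """Bits of entropy of a uniformly random password: log2(alphabet ** length).
    Each added character multiplies the space by alphabet_size, i.e. adds a
    constant number of bits, which is the 'exponential' growth in the text."""
    if length == 0 or alphabet_size <= 1:
        return 0.0
    return length * math.log2(alphabet_size)


def bruteforce_seconds(length, alphabet_size, guesses_per_second):
    """Worst-case time to enumerate the whole space at a given guess rate."""
    return alphabet_size ** length / guesses_per_second


def split_into_words(password, wordlist=WORDLIST):
    """Return a list of dictionary words that exactly cover `password`, or
    None if no such segmentation exists (memoised search over split points)."""
    memo = {}

    def seg(i):
        if i == len(password):
            return []
        if i in memo:
            return memo[i]
        for j in range(len(password), i, -1):
            if password[i:j] in wordlist:
                rest = seg(j)
                if rest is not None:
                    memo[i] = [password[i:j]] + rest
                    return memo[i]
        memo[i] = None
        return None

    return seg(0)


def charset_size(password):
    """Size of the smallest standard character class set covering the password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    return size


def effective_bits(password, wordlist=WORDLIST):
    """Entropy an attacker who knows the wordlist actually faces: a concatenation
    of k words is a search over len(wordlist) ** k, not alphabet ** characters."""
    words = split_into_words(password.lower(), wordlist)
    if words:
        return len(words) * math.log2(len(wordlist))
    return keyspace_bits(len(password), charset_size(password))


if __name__ == "__main__":
    for n in (8, 10, 12):
        print(n, "lowercase chars:", round(keyspace_bits(n, 26), 1), "bits,",
              f"{bruteforce_seconds(n, 26, 1e9):.0f} s at 1e9 guesses/s")
    for pw in ("mysuperpassword", "xq7!Gv"):
        print(pw, "->", split_into_words(pw), round(effective_bits(pw), 1), "bits")
```

The contrast in the output is the point: fifteen lowercase characters look like about 70 bits, but against a dictionary "mysuperpassword" is three picks from the list, and a six-character random string already beats it.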

5. Keyloggers

Keyloggers are a kind of malware that can be picked up on infected websites or from attachments in email. They settle on your file system and don’t cause any harm by themselves — but they, as the name suggests, log your every keystroke and transfer it to hackers. This way, they not only get access to all your passwords but to everything you do, including your personal and business correspondence (which is potentially even worse).

The only way to deal with keyloggers is to avoid visiting suspicious websites, never open attachments from unknown correspondents, and regularly check your file system with high-quality antivirus software.

6. Shoulder surfing

Not all methods hackers use are high-tech, but that doesn’t make them any less effective. Shoulder surfing is exactly what it says on the tin — a hacker will just look over your shoulder when you enter a password. It is more common at ATMs, credit card machines and smartphones — any device that uses short, easy-to-memorize PINs and is normally accessed in public places.

The takeaway: Don’t leave passwords in plain sight and always be wary of people around you when you type in your password or PIN.

7. Social engineering

Another low-tech yet high-yield approach. The hacker just asks you to give him your password. The most common approach is to call an office, introduce oneself as a member of IT security, and ask for a network password. If it is done in a sufficiently matter-of-fact and confident manner, a surprising number of people give up their personal and corporate data without missing a beat.

8. Phishing

Phishing is more or less the same as social engineering, but it is done with the help of emails imitating correspondence from a legitimate service (online banking, payment system, etc.) and asking the user to log in and solve some security problem with their account. The email leads to a fake website that looks similar to the real one, and the user is fooled into submitting their password. Be sure to check every link before you click on it.
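One concrete version of "check every link before you click", as an added example not from the original article: parse the HTML of a mail and flag anchors whose visible text is a URL for a different host than the real `href`, whose host is outside the sender's own domains, or whose host is punycode (a possible look-alike domain). The mail fragment and the bank's domain are constructed; the check uses only the standard library.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed HTML in the style of a phishing mail: the visible text of the
# first link names the bank, but the href points somewhere else.
SAMPLE_MAIL = """
<p>Dear customer, a security problem was detected on your account.</p>
<p>Please <a href="http://secure-login.example.net/bank">https://www.examplebank.com/login</a>
to resolve it, or visit <a href="https://www.examplebank.com/help">our help page</a>.</p>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = _LinkCollector()
    parser.feed(html)
    return parser.links


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def suspicious_links(html, expected_hosts):
    """Return [(href, [reasons])] for links a reader should not follow blindly."""
    findings = []
    for href, text in extract_links(html):
        target = host_of(href)
        reasons = []
        # Visible text looks like a URL but the real destination is elsewhere.
        if text.startswith(("http://", "https://")) and host_of(text) != target:
            reasons.append("visible URL differs from real target")
        # Destination is not one of the hosts the claimed sender actually uses.
        if target and target not in expected_hosts:
            reasons.append("target host not in sender's domains")
        # Punycode label: may be an internationalised look-alike of a known name.
        if target and "xn--" in target:
            reasons.append("punycode hostname")
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_MAIL, {"www.examplebank.com"}):
        print(href, "->", "; ".join(reasons))
```

Mail clients show the same information on hover; the value of doing it programmatically is that a gateway or a help-desk triage script can apply it to every link in every message rather than relying on each reader to look.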

A healthy fear of hackers

The danger from loss of personal data grows together with our dependence on digital technology. So make sure you maintain a healthy paranoia to meet the demands of the times.

