Thread: Ransom message

  1. #1
    Ransom message

    Member Since
    Mar 31, 2011
    Posts
    111
    Your Mac's Specs
    2017 27" iMac
    I have a MacOS Sierra on an iMac Retina 2017. I have received an email message sent to my Gmail account from "kahy@kmbibxqyb.com" telling me “I do know ***** is your passphrases [at ***** the message displays an old, OBE, out of use password]. Give me USD 869 at Bitcoin B*T*C* ad*dre*ss: 14cxPepKjJ8XR5k4u7jskJiqMH2vGFV5WY”

    There is a warning that if I do not send the money “i most certainly will send your video clip to each one of your personal contacts” The video clip is described as related to a visit I have presumably made to a pornographic website.

    The whole thing is phony. I have never been to a pornographic website, the “passphrase” the message claims to have is OBE and has been for a long time. I have no idea where they got the password, but it is no longer active anywhere.

    Just in case, I ran Malwarebytes Premium, ClamXAV, and SmartReporter. Everything is clean.

    Do I simply delete this message, or is there some cyber security website that likes to see these kinds of messages regardless of what they look like?

    If I have posted this in the wrong section, please say so. Of all the choices, this seemed the most logical.

  2. #2
    You can forward that message to the FBI if you want, and their Cyber division may look into it.

    In your case, you should PROMPTLY change all of your passwords on ALL of your sites (important or not) and also delete accounts on sites you do not use anymore.

    My guess is that your old password was probably leaked from some site and they are using scare tactics to get you to pay for it. Since this password WAS legitimate at one point in time, people will assume the rest of the threat is also valid and pay up.
    --
    Regards
    ...Ashwin


  3. #3
    Ransom message

    Member Since
    Nov 28, 2007
    Location
    Nambucca Heads Australia
    Posts
    25,160
    Your Mac's Specs
    iMac, i7 4GHz, 32GB memory, 1TB Blade, OSX 14.4 Mojave,
    Just a scam and ignore.

    Get these slime bags threatening this all the time. Guess they work on the 1% rule and this returns good money.
    Using OS X.7 or later make a bootable USB thumb drive before running Installer!

  4. #4
    Ransom message
    Member Since
    Jan 23, 2009
    Location
    Born in Scotland, Worked in Scotland then England, Now live in Wales
    Posts
    5,459
    Your Mac's Specs
    Late 2015 5K 27-inch Retina iMac, 4GHz i7, 32GB RAM, 1TB Flash Drive, macOS High Sierra 10.13.6
    This is becoming more commonplace and there are several threads in our Forums along the same lines.

    Don’t reply. Don’t negotiate. Ignore. In the process, you may need to clear your web browser caches.

    In addition, just as a precaution, download, install and run Malwarebytes app. Don’t pay anything for this. Take the 30 trial at the end of which it becomes free as an on-demand app.

    ClamXAV and the other AV products won’t help in the least and are best uninstalled.

    A quick search of our Forums will bring up similar threads and advice.

    Ian

  5. #5
    Ransom message

    Member Since
    Mar 31, 2011
    Posts
    111
    Your Mac's Specs
    2017 27" iMac
    Thank you all. I have followed your advice. As IWT suggests, I did find other, similar reports at this Forum. Thanks for suggesting that. I am pretty sure I used this password at Anthem whose database of 80 million people was hacked in 2015. It has since been changed, but presumably it would have appeared in the hacked data. Maybe that's where "these slime bags" (in harryb2448's charming phrase!) got it. Anyway, again, thank you for being here.

    For those interested, the email editor displays this in the message source information: (171-100-242-122.static.asianet.co.th. [171.100.242.122])

  6. #6
    Ransom message
    Member Since
    Jun 12, 2011
    Location
    Melbourne, Australia and Ubud, Bali, Indonesia
    Posts
    4,780
    Your Mac's Specs
    MacBook Pro Retina 13" macOSX 10.13.3 beta
    As suggested, it's probably time to do a bit of a security update, especially for important sites. You might also like to consider getting a Password Manager. 1Password has been highly recommended; it will make using, managing and creating passwords a breeze.
    It also has a new feature called "Watchtower" which allows you to audit and check passwords against email addresses for recent hacking events.
    I used to be conceited but now I'm perfect.

  7. #7
    Ransom message

    Member Since
    Mar 31, 2011
    Posts
    111
    Your Mac's Specs
    2017 27" iMac
    Reading 1Password's website, as suggested by Rod Sprague, led me to "have i been pwned?" at https://haveibeenpwned.com/ where I read "Mac Forums: In July 2016, the self-proclaimed "Ultimate Source For Your Mac" website Mac Forums suffered a data breach. The vBulletin-based system exposed over 326k usernames, email and IP addresses, dates of birth and passwords stored as salted MD5 hashes. The data was later discovered being traded on a popular hacking forum. Mac Forums did not respond when contacted about the incident via their contact us form. Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames"

    I don't recall writing about that here, although I may have.

  8. #8
    Ransom message
    Member Since
    Jun 12, 2011
    Location
    Melbourne, Australia and Ubud, Bali, Indonesia
    Posts
    4,780
    Your Mac's Specs
    MacBook Pro Retina 13" macOSX 10.13.3 beta
    Yes, we were all made aware of that at the time. We are prompted to change our password every 6 months but I do that a little more frequently myself. There have been more serious breaches recently, as you probably read. My primary email came up on the Have I Been Pwned site over a year ago as I am a subscriber to the site. That was, as it turns out, how I found out about 1Password's new features.
    I have over 100 sites associated with that email account so I'm not about to ditch it, but many are out of date or redundant. I will slowly work my way through the important ones in my password manager and change passwords as I go. There really is no other way. The most important sites have 2SV or 2FA anyway and the rest have little or no personal information anyway. Mind you, I would be annoyed if someone locked me out of Mac Forums.


    Sent from my iPad using Mac-Forums
    I used to be conceited but now I'm perfect.

  9. #9
    Ransom message

    Member Since
    Mar 31, 2011
    Posts
    111
    Your Mac's Specs
    2017 27" iMac
    Originally posted by Rod Sprague:
    "I will slowly work my way through the important ones"
    I have done that too. Yesterday's "ransom message" has prompted me to do some of it again. It's a nuisance, but clearly necessary.

    The "have i been pwned?" website is very nice in specifying which email address has been compromised and where. I thank you again for alerting me to 1Password which in turn alerted me to "have i been pwned?" (Incidentally, what is "pwned"? At first, I took it to be "passworded" but then why the n?)

  10. #10
    Ransom message
    Member Since
    Jan 01, 2009
    Location
    Winchester, VA
    Posts
    5,852
    Your Mac's Specs
    MBP 15" Mid 2015, iPhone XS, an iMac, plus ATVs, AWatch, MacMini
    Jake

  11. #11
    Ransom message
    Member Since
    Jan 23, 2009
    Location
    Born in Scotland, Worked in Scotland then England, Now live in Wales
    Posts
    5,459
    Your Mac's Specs
    Late 2015 5K 27-inch Retina iMac, 4GHz i7, 32GB RAM, 1TB Flash Drive, macOS High Sierra 10.13.6
    Well, Jake, I never knew that. I subscribe to Troy Hunt's blog and podcasts so I am very familiar with the term.

    But I’m too embarrassed to admit what I thought it meant. I was assuming it was his Australian accent that appeared to mispronounce the word.

    Ian

  12. #12
    Ransom message
    Member Since
    Jun 12, 2011
    Location
    Melbourne, Australia and Ubud, Bali, Indonesia
    Posts
    4,780
    Your Mac's Specs
    MacBook Pro Retina 13" macOSX 10.13.3 beta
    Thanks from me too Jake, I thought it meant pawned as in sold or traded. So now we know.


    Sent from my iPhone
    I used to be conceited but now I'm perfect.

  13. #13
    Ransom message
    Member Since
    Jun 12, 2011
    Location
    Melbourne, Australia and Ubud, Bali, Indonesia
    Posts
    4,780
    Your Mac's Specs
    MacBook Pro Retina 13" macOSX 10.13.3 beta
    I have posted this separately but just FYI stefanmaine and those who contributed to this thread:

    Enpass lets you check your passwords against the list of breached passwords managed by Troy Hunt on his web site "Have I Been Pwned".
    This topic came up recently in another post and I mentioned that 1Password allows this via a new addition called Watchtower.
    I'm pleased to announce that my default password manager Enpass also has this facility. https://www.enpass.io/docs/manual-desktop/pwned.html
    Call me stupid but until today I was not aware of this so I cannot say how long this feature has been included. I found out purely by accident while reading the long list of "bug" fixes in the iOS update notes re a wrong message that may occur during the process of checking your passwords against the breached list (only for the iOS version).
    So I immediately checked my desktop version using the instructions in the above site and voila! A list of 29 passwords out of a total of 241 have been Pawned.
    Now to the time consuming job of changing them but a big thank you to Troy and Enpass.
    I used to be conceited but now I'm perfect.

  14. #14
    Ransom message

    Member Since
    Mar 31, 2011
    Posts
    111
    Your Mac's Specs
    2017 27" iMac
    Rod Sprague, Thank you for that post. I have used a password manager for many years, on PCs and now on Macs. As a result, it's got several categories and lots, really lots, of individual cards (apps, sites, credit cards, etc.) and, of course, a lot of passwords. Over the years, much of the data has become OBE, but the stuff sits there, rusting. Since reading your post this morning, I have downloaded the free version of enpass, and I am exploring and comparing it ... AND, while doing so, I am taking the opportunity to delete and discard where appropriate on my current manager. So, while I haven't decided yet whether I will shift to enpass or not, either way this exercise has prompted me to clean house, and I am grateful to you for that.

    Also, I have tested some of my passwords at pwned, with mixed results. I am glad to be doing that!

  15. #15
    Ransom message
    Member Since
    Jun 12, 2011
    Location
    Melbourne, Australia and Ubud, Bali, Indonesia
    Posts
    4,780
    Your Mac's Specs
    MacBook Pro Retina 13" macOSX 10.13.3 beta
    That's great, I'm doing much the same. Starting with the most important ones, things like financial institutions, social security etc. There is only one drawback I can see with Enpass: initially you have to enter each item manually. Some have complained that you cannot import passwords from another password manager but considering the options under Categories and tags I can't see how that would work anyway. Seems to me you would have to do a lot of editing afterwards.
    Once done it's a breeze to use.
    Last edited by Rod Sprague; 01-31-2019 at 01:27 AM. Reason: correction
    I used to be conceited but now I'm perfect.
