The M & H Monitor : November 2018

Do Hackers Have My Password?

By: Robert Demers

Recently, a number of clients have asked about an email they received that essentially says hackers have their account password and that they need to pay.  There are a few variations of this sort of email, but they are all similar.  They claim that a hacking program has been installed on your computer and that all confidential information on the system has been downloaded.  They give an example of a password that is likely old but was valid at one point, or that could still be valid, but they do not specify which account it is for.  They also tend to get a little more personal about the sort of information they might have on you, such as visits to adult websites and what sort of activities one may pursue on those sites, and then threaten to send that information, files, or video clips to friends and colleagues.  They then give instructions for buying and sending them digital currency within a given time window, and say they will delete the information and not send it only if they are paid.

Emails like these tend to come from groups that trade hacked account information on the dark web, and they refer to an account password that is years old and no longer relevant.  The emails themselves also tend to have many grammatical errors, since they often come from bots that are fed a list of emails and passwords and send a scripted email to each one.  Most who have looked into where the password came from (the author included) have found that it was one used years ago and likely came from an old list of account information that hackers obtained by hacking companies like Yahoo, eBay and Target.


What should one do if one receives an email like this?  M&H recommends that if the password is not currently in use for any accounts (email or otherwise), the email be ignored and deleted as per normal protocol for spam and phishing emails.  If the password is current for any accounts, then the corresponding accounts should have their password changed immediately to something unique and secure.  For more information or if there are any additional concerns, please contact M&H Consulting at 866-9MH-TECH or support@mhconsults.com.


Malware Decides If Your Computer Is Good for Mining or Ransomware

By: Kevin Rollins

Recently, there has been a major trend toward crypto-currency-mining viruses and a decline in ransomware infections that hijack a victim’s information. With the increase in cyber security and crypto-currency mining, hackers have been using a new version of Rakhni ransomware that scans a device and determines whether to infect the computer with ransomware or install a coin-mining program. This scan determines which option would be more profitable and acts accordingly. The scan looks for any folder labeled Bitcoin in the AppData section of the computer, and the more profitable option depends on whether that folder exists. If the system does have the Bitcoin folder, it will install ransomware to encrypt the folder and display a text file with money demands. If the folder does not exist and the device has two or more processors, it will install a Bitcoin-mining program. If neither criterion is met, meaning no Bitcoin folder and only one processor, then it infects the network to find its next victim.
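
For administrators who want to know which of these three outcomes a given machine would face, the following is an added example (not part of the original article and not code from the malware). It checks a profile's AppData tree and processor count and returns the matching defensive priority. The function names, the three-level search depth, the case-insensitive folder match and the suggested actions are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Defensive follow-up for each outcome the article describes (assumed wording).
ACTIONS = {
    "ransomware-target": "confirm the listed folders are in a secure backup",
    "miner-target": "watch this machine for sustained unexplained CPU load",
    "spread-only": "review network shares reachable from this machine",
}


def find_bitcoin_folders(appdata_root, max_depth=3):
    """Return folders named 'Bitcoin' (any case) within max_depth levels."""
    root = Path(appdata_root)
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        depth = len(Path(dirpath).relative_to(root).parts)
        hits += [Path(dirpath) / d for d in dirnames if d.lower() == "bitcoin"]
        if depth + 1 >= max_depth:
            dirnames[:] = []  # do not descend any further
    return sorted(hits)


def classify_host(appdata_root, cpu_count):
    """Apply the article's rules: folder first, then processor count."""
    folders = find_bitcoin_folders(appdata_root)
    if folders:
        return "ransomware-target", folders
    if cpu_count >= 2:  # "two or more processors", counted as logical CPUs
        return "miner-target", folders
    return "spread-only", folders


if __name__ == "__main__":
    # Constructed sample profile so the example runs on any machine.
    with tempfile.TemporaryDirectory() as sample:
        os.makedirs(Path(sample) / "Roaming" / "Bitcoin")
        for root, cpus in ((sample, 4), (Path(sample) / "Roaming" / "Bitcoin", 4),
                           (Path(sample) / "Roaming" / "Bitcoin", 1)):
            label, folders = classify_host(root, cpus)
            print(f"{label}: {ACTIONS[label]}")
            for folder in folders:
                print("   ", folder)
    # On a real Windows machine, pass os.environ["APPDATA"] and os.cpu_count().
```
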


So how do you protect your own information and prevent this type of attack? Never open suspicious files or links provided in an e-mail or on your web browser. On top of that, you will need to have a secure backup system in place and check daily that your antivirus is up-to-date. If any of our clients have any questions regarding this information or anything else, please do not hesitate to contact us at 866-9MH-TECH or email support@mhconsults.com.

File Sharing