My Bitcoin Ransom Saga
Recently, I received the infamous email doing the rounds that scares recipients by claiming their account has been hacked, that the hacker has acquired images and would share this haul with all of my contacts, consisting of family and friends. So naturally, once I opened this email, I decided to get to work and uncover this person to put the fear back into their eyes. After approx. 10 minutes of sleuthing, I found enough details to bring this maniac to his/her knees. Below is the email received and, further below, the response sent back; yes, that's right… SENT BACK!
Personal information has been edited for obvious reasons.
From: jxxxxxx@???.com.au <??????.com.au>
Sent: Saturday, 30 March 2019 8:08 AM
From: Robert <robert@*****.nl>
Sent: Saturday, 30 March 2019 11:30 AM
Firstly, I would like to refer you to a quote you may have heard… “The hunter just became the hunted!” Let that sink in for a second, as for an opening line on an email, that’s pretty intense.
Now that I have your full attention, you need to cease trying to scam users into believing you have hacked their inbox or email accounts. Your methods are full of flaws to those in the know, and as you can see, I have now used your account to send this message back to you. Pretty neat, huh?
I have more than the average number of children in my family, so obviously watching and finding the time for porn is definitely unachievable at my place. I would rather spend my time making a nice dinner for the family or enjoying life away from the office. I can forward you (or me in this instance, since you own my account) some of my recipes if you like, and you can provide me with some feedback.
I am familiar with the RDP protocol services that you mentioned and wonder how that works on a Linux client, since that protocol is a Microsoft service. Lesson here: never assume.
I have taken this opportunity to also BCC your hosting provider’s admin account so they list your domain on an RBL – as well as other authorities, so they can see you’re using their services for malicious activities.
Your servers’ ports have also been scanned, and my next step will be to flood your network with fake traffic, making your server and network unusable. Not bad for a cook, right?
Just to show you this isn’t a fake email like the spoofed mail initiated from your side, see the details below, which I was able to collect within 3 minutes:
https://server28.xxxxxxx.nl/phpmyadmin/ Nice choice!
Your top 10 open ports are below:
21/tcp open ftp
22/tcp open ssh
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql
There is no need to reply, as clearly your replies will also be sent to your own mail account, since I am already here.
If you are a novice user who thought you would try your hand at making fast money for doing nothing, I applaud your efforts, but obviously you picked the wrong target. You need to plan prior to a task like this.
If you are an experienced user (and I use this term lightly, judging by the content you sent me), you know the possibilities from here.
You have been warned.
Above all, enjoy your day & let me know about those recipes 🙂
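As an added example that is not part of the original post or its author's reply: the scam mail above appeared to come from the recipient's own address, and the quickest defender-side check for that is to compare From/To and read the receiving server's Authentication-Results header. The message, addresses and host names below are constructed placeholders, and the function name is my own.

```python
"""Flag a 'from yourself' sextortion mail by checking whether the visible sender
equals the recipient while SPF/DKIM/DMARC fail at the receiving server.
Sample message, addresses and hosts are constructed placeholders."""
import email
import re
from email.utils import parseaddr

# Constructed sample: the From header is spoofed as the recipient's own address.
SAMPLE_MAIL = """\
Return-Path: <bounce@mailer.example.nl>
Received: from server28.example.nl (server28.example.nl [192.0.2.10])
        by mx.example.com.au with ESMTP; Sat, 30 Mar 2019 08:08:00 +1100
Authentication-Results: mx.example.com.au;
        spf=fail smtp.mailfrom=example.com.au;
        dkim=none;
        dmarc=fail header.from=example.com.au
From: jsmith@example.com.au
To: jsmith@example.com.au
Subject: Your account has been hacked
Content-Type: text/plain

I have recorded you. Pay 800 USD in bitcoin or the video goes to your contacts.
"""

AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")


def assess_self_sender(raw: str) -> dict:
    """Return the indicators a mail filter would use to flag a spoofed self-sender."""
    msg = email.message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    return_path = parseaddr(msg.get("Return-Path", ""))[1].lower()
    # Join all (possibly folded) Authentication-Results headers, then pull method=result pairs.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    results = {method: result.lower() for method, result in AUTH_RESULT.findall(auth)}
    from_domain = from_addr.rsplit("@", 1)[-1]
    rp_domain = return_path.rsplit("@", 1)[-1]
    indicators = {
        "from_equals_to": bool(from_addr) and from_addr == to_addr,
        "spf_fail": results.get("spf") == "fail",
        "dkim_missing": results.get("dkim", "none") != "pass",
        "dmarc_fail": results.get("dmarc") == "fail",
        # Envelope sender domain differs from the visible From domain.
        "return_path_mismatch": bool(rp_domain) and rp_domain != from_domain,
    }
    indicators["likely_spoofed_self_sender"] = (
        indicators["from_equals_to"] and (indicators["spf_fail"] or indicators["dmarc_fail"])
    )
    return indicators


if __name__ == "__main__":
    for name, hit in assess_self_sender(SAMPLE_MAIL).items():
        print(f"{name:28} {hit}")
```

A mail whose From matches the recipient but whose SPF and DMARC results pass is left alone, so the check does not fire on ordinary notes people send to themselves.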