Obvious Scam but..

Soldato
Joined
25 Jan 2008
Posts
2,923
Location
Peterboro, Distro:Ubuntu
How did they get all my details perfectly correct ?

(Name, Address, & Phone Number)

*** link to malware removed ***

So I googled ruebsamen and it appears to be some kind of computer fan site.

=================================================


Ok so I downloaded the Zip file and pulled it into Virtualbox and ran it..

Ta Daaaaar.....

RansomWare


Question remains though .... How'd they get my exact details ?
 
Soldato
Joined
14 Jul 2003
Posts
14,611
Seen a few ransomware attacks in the past year; it's all too common in large companies, sadly, especially those with access to personal e-mail at work.

OP, chances are they got your details from a hacked site you had shared them with; 707 million accounts were compromised in 2015 alone according to recorded/reported breaches. It's also now more common for your basic information to be shared between companies under data sharing agreements without consent, with implied consent, or with consent but lots of small print.
 
Soldato
OP
Joined
25 Jan 2008
Posts
2,923
Location
Peterboro, Distro:Ubuntu
> Seen a few ransomware attacks in the past year; it's all too common in large companies, sadly, especially those with access to personal e-mail at work.
>
> OP, chances are they got your details from a hacked site you had shared them with; 707 million accounts were compromised in 2015 alone according to recorded/reported breaches. It's also now more common for your basic information to be shared between companies under data sharing agreements without consent, with implied consent, or with consent but lots of small print.

Thanks for that heads up as The Wife and I were a tad concerned about the correct details !
 
Soldato
OP
Joined
25 Jan 2008
Posts
2,923
Location
Peterboro, Distro:Ubuntu
I just sent an email to the CEO and it's just been returned failed.

I have just received an email supposedly from your company.

Your request has been satisfied.

You can read contract here: URL removed



Original will be sent to the next adress:

With my CORRECT home address including postcode AND phone Number. I don't believe I have ever ordered anything from your site and so I'm a bit mystified !

I had strong suspicions about this email and so used private browsing to go to the link and downloaded the Zip (Ok..So at this point I knew it would be a scam)

Feeling confident as I run Linux, I opened the zip up in a virtual session of Windows and lo and behold.. It's RansomWare !


I realise this is obviously not from yourselves but thought it might be in your interests to know your company name has been attached !

Regards

Paul !



Ps.. This link below is a screengrab I took and uploaded to imgur
 
Soldato
Joined
9 Jun 2009
Posts
3,067
Location
OCUK Detention Centre
My company has an info@ public email, displayed on the web site. This has obviously been harvested, and the number of attempts at this and other exploits is amazing.

I dread to think what would happen if I had office staff getting emails like 'unpaid invoice details attached' etc.
 
Associate
Joined
14 Aug 2014
Posts
1,070
Fortunate you're tech savvy enough to be running a virtual machine, OP. Hacked databases or unscrupulous companies passing your details on to other unscrupulous parties are likely the source of them getting your details. The eBay hack two years ago gave away loads of user information, for instance, including physical addresses, dates of birth and phone numbers.
 
Soldato
Joined
24 Dec 2002
Posts
3,551
You can check to see if your email has been in any data breaches in the last couple of years.

https://haveibeenpwned.com/

Most excellent website, you can sign up and it'll automatically email you if your email (or even domain if you have one) is ever in any future data breach.

It's run by Troy Hunt, a security professional and Microsoft MVP for several years... so you don't need to worry about it being a dodgy site too ;)

Read a few of Troy's blog posts to see how easy it really is for someone (anyone) to get hold of your details if you're ever unlucky enough to be signed up to a hacked site.
 
Man of Honour
Joined
24 Sep 2005
Posts
35,584
I called my Nan before work yesterday and mid call she got upset and explained she thought she had been scammed / manipulated by an email into calling a number and giving her bank details. Absolute *******s :mad:
 
Soldato
Joined
16 Jun 2013
Posts
5,375
It's probably not advisable to open in VMs anymore; there's been a couple that "break out", normally via the network as the host is connected. Can't imagine ransomware is too far away from utilising such a feature to slow down AV vendors testing it.
 