Pay the ransom – or watch me wreck your life
Chilling new computer menace that is driving victims to suicide...
AT FIRST, the message seems harmless – an email pops up on your screen that could be from a friend or colleague. But click on it and your blood will run cold. Because what follows is a string of vicious threats to destroy your life unless you hand over money.
The ‘ransom’ email explains that you have been caught viewing an adult website – captured on your computer’s camera.
To add credibility to the sting, the email includes key private details, such as your phone number and secret passwords for a bank or shopping account.
The effect is chilling, as Sarah Hartley, a Mail on Sunday journalist, found out for herself when she was targeted recently. ‘Like most journalists, I am as tough as old boots and used to dealing with all sorts. Yet what horrified me most about receiving such an email is that it breached my work firewall,’ she says.
‘That was my fault – the email name had looked credible. It came from a common female name and I had assumed it was a public relations adviser. So I clicked on the option to permit.
‘But when I read it I flushed hot and cold from head to toe – I was stunned by the sheer nastiness of the words. [see right]. If the person had been standing in front of me I felt they would have been wielding a knife. Adding to my sense of fear was that the email included a password I use for an online shopping account. A barrier had been broken.’
Hartley adds: ‘Although I knew I had not been watching pornography, the way I was threatened – that a video of me would be passed on to contacts if I dared breathe a word – was horribly menacing.
‘I would have been mortified to know my friends and work colleagues might be contacted in this way. The language was perfect – no hieroglyphics or request to send money to a Nigerian bank account – and that is what made it plausible.’
Hartley ignored the email. But criminals are frightening victims into handing over £500 or more in anonymous Bitcoins. If they do not pay up, the blackmailer says they will share the details they have on the web. Millions of computer users are being targeted in the sinister wave of ransom scams reputed to be cheating innocent people – targeted at random – out of at least £30 million a year.
Personal information the blackmailers use to add credence to their claims can be bought for as little as £ 3 over the ‘ dark web’ or ‘ harvested’ using gadgets that can be purchased for about £40.
Colin Tankard is a cyber security expert who has been targeted himself by such criminals. He says: ‘Ransomware can destroy lives. There have been instances when people have committed suicide as a result of the horrible threats made. It breaks up perfectly stable relationships and causes untold misery.’
Tankard, managing director of Harlow-based Digital Pathways, adds: ‘Part of the awfulness of such cyber attacks is that these emails are often sent randomly. The crimi- nal has no idea what a recipient has been doing – just making a guess.
‘Paying up is the worst thing a victim can do. You are then put on a “sucker list”.’ This means your name will be added to lists of people deemed susceptible to crime, which are then traded among criminals – invariably leading to victims receiving further demands for money. Menacing language is used to make a victim feel insecure and vulnerable to the prey.
Tankard says: ‘Wording usually goes as follows, “While you were watching videos, your internet browser started out functioning as a remote viewer having a keylog- ger which gave me accessibility to your screen and web cam. After that, my software program obtained all your contacts.”
‘Then, “Well, in my opinion, $1,000 is a fair price for our little secret. You’ll make the payment by Bitcoin.” An additional message might read, “I know that you have read
through this email. If I do not receive the Bitcoins I will send your video recording to all of your contacts, including close relatives and colleagues.” ’
Aware of the scam, Tankard ignored the threat sent to him and did not reply – and suggests that others targeted should do this too.
Being a dark web criminal does not require much skill – just a lack of scruples. Tankard says a harmless looking £40 USB stick device known as a ‘rubber ducky’ can be inserted into the side of a laptop. It includes a ‘slurp’ facility that will then instantly grab hold of personal computer files, including pass- words and contacts. The details are copied, leaving the computer user none the wiser.
Similarly, a small hand-held ‘wi-fi pineapple’ box with antenna can be purchased on the internet for £80. It offers free wi-fi to nearby internet users and even imitates servers, perhaps pretending it is the wi-fi provider for the coffee shop a person is sitting in. The device can be used to steal home log-in details for wi-fi.
Ruth Walker, of internet search engine consultant Evolved, says lists of potential victims and their private financial details can easily be purchased. Recent research for website Money Guru revealed passwords for social media, online music or email accounts can be bought for £3 on the dark web.
Newcastle-based computer expert Walker says: ‘ These details have often initially been gathered through phishing – perhaps using pop-up windows or emails with click-on links t o websites t hat harvest personal information. ‘People often have the same password for a variety of services making it easier for criminals to build a data profile.’
Successful malware attacks have also raised fear among many potential victims – making it more likely they pay up if blackmailed.
A malware virus known as CryptoLocker, hidden in Microsoft software in 2013 and 2014, made off with £2.3 million when an innocuous looking ‘ Trojan horse’ file opened in an email attachment sent computers into meltdown.
Last year, another known as WannaCry infected more than 200,000 computers – including those used by the National Health Service – with victims paying some £110,000 in Bitcoins to unlock their computers.
According to analysis by technology company Vanson Bourne, ransomware attacks cost British businesses £350 million a year, with 40 per cent of firms getting attacked at least five times in 12 months. Given many firms are beefing up their cyber security, hackers are increasingly targeting individuals.
Computer users should be wary of pressing links on pop-up windows or contained in unsolicited emails. Rogue security software and copycat websites – claiming to be popular online shops such as Amazon and eBay, payment system PayPal or official organisations such as Revenue & Customs – are favoured by fraudsters hoping to trick you into giving away private information.
Anti-virus software is a way of combating a cyber attack. Providers to consider – that offer free options – include Avira and Sophos. Others worth considering include McAfee, Intego, Norton and Bitdefender although you will have to sign up to an annual subscription costing at least £30.
Have you been a victim of ransomware? If so send an email to toby.walne@mailonsunday.co.uk