Ransom email with your password arrived recently? Today an email arrived that said “I have your password – King1Tut” which was worrisome because that was in fact a password I used. Oddly I haven’t used it in three years. The ransom email claimed that the sender had installed a trojan on a porn site and it allowed him to video me while watching porn.
Thankfully I haven’t watched anything worse than Deadpool since college. The funniest thing was that I haven’t used the password in the ransom email in over three years. I did use it for a booking service that went out of business. I began to wonder if they had bought the computer used by that service.
When I get rid of old computers, I am pretty good about wiping them very very clean before I recycle them or take them to the e-waste site. Lets face it, no one is above this game, and since 80% of the e-waste goes overseas for recycling because our EPA rules are so strict, it makes sense they would try and send a ransom email demanding $1900 or they would send the video of me watching porn to all of my contact list.
Being in the tech industry longer than Google has, I have a pretty long list of passwords and I manage several of my clients accounts. Needless to say I have an encrypted list of those passwords. Ironically three years ago, Apple had a bug that removed the password and encryption from documents stored in iCloud. So how did this person really get my password?
Looking back I realized I used that password as far back as my days at PacTel Mobile Services. In fact my mentor and later friend Jude Munn taught me that password, I simply borrowed it from him. I didn’t think he would ever try and use it to log into the system under my name. Maybe he did. Jude, do you need money? Don’t send ransom emails, I have plenty of extra work.
So any computer that was recycled from my first lunch with Jude up until three years ago could be the source of that password. It is odd that I received the ransom email now. Maybe some people don’t change passwords every year?
As a precaution I ran VirusKiller anti Virus on all of our Macs in the office. Apple vetted VirusKiller so I figure it is reasonably safe. The sad truth is the same software that claims to clean your computer, usually ads the malware or trojan horse viruses. After a little online research I found a site selling a version of the “Quant” trojan horse. You send the email with the virus to a list of valid email addresses and hopefully get some of the victims passwords. for just $35 a month, the seller would keep updating the virus and show me how to make money using it.
That is a scary thought. You don’t even need to be a decent hacker to really cause problems for people. Anyone mad at their friends can do this. My new policy is to never open any attachment from anyone unless I expect it and run it through our virus checking software.
This is very sad that our world had come to this. You can’t even trust your friends and family anymore.
The real solution is to ignore these guys. If you get a video of a porn site and a video of me at my computer, you can bet the video of me watching the screen is real or stripped from any one of a thousand videos and pictures of me online. When we gave up our privacy online for convenience, we should have suspended our belief that anything online is real.
I did go looking through over 500 passwords and found three places I still had that one as current. When I went to change them I found one had already been changed. Bingo. The real website that was hacked. Admittedly basic cracking software could hack that password in a minute or two. Thankfully it is a website and password I don’t need or use anymore.
If you get that email, don’t panic, just run a virus scan on your computers and start changing passwords like right now. But only after you make sure you don’t still have the virus!