Phishing scam claims to deliver WannaCry, demands bitcoin ransom

While the message claims it will encrypt data if you don't pay up, the threat is an empty one.
Written by Danny Palmer, Senior Writer

A new phishing campaign falsely claims to infect PCs with WannaCry ransomware and then demands users pay a bitcoin ransom in order to prevent their files from being deleted.

However, it's all a scam looking to play on the high-profile name of WannaCry -- which caused chaos around the world in May last year -- and the phishing email doesn't have the power to encrypt anything, and instead looks to exploit the potential fear of victims.

An alert about the scam has been issued by the UK's fraud and cybercrime centre Action Fraud and the City of London Police, which have received over 300 alerts about the email over the past few days. Those who receive the email are told to delete it and report it to the authorities.

The email claims to be from 'WannaCry-Hack-team' and comes with the misspelled subject line of 'Attantion WannaCry'. Those who open the message are told that 'WannaCry is back' and that 'all your devices were hacked' with a version of the ransomware.

See also: WannaCry ransomware crisis, one year on: Are we ready for the next global cyber attack?

The message goes onto threaten users that their files -- on any device using Windows, IOS, macOs, Android or Linux -- will be encrypted and permanently deleted should they not comply with the ransom demand.

Given that WannaCry only infects Windows systems, it's impossible for the attackers to follow through with their claims that their theoretical ransomware could infect devices run on other operating systems.

Image: Pro Networks

Those behind the phishing email threaten to follow through with the plan to activate WannaCry -- unless the person reading the email pays 0.1 bitcoin ($650) into a specified wallet to "ensure against data demolition".

They're told to send an email once the payment has been made, at which point the victim will be told how to avoid data being erased -- but given that that this phishing scam doesn't even deliver proper ransomware, anyone who pays up is paying for nothing.

Despite this, the user is told that should they try to delete the WannaCry 'program' then their files will immediately be deleted -- although there isn't any program to delete in the first place. "In reality the emails are just a phishing exercise to try and extort money," said Action Fraud.

See also: What is phishing? Everything you need to know to protect yourself from scam emails and more

IT company Pro-Networks -- which posted an image of the fake WannaCry ransom note -- said the phishing message is "is designed to cause panic resulting in payment of their empty threat".

However, it appears panic is low as no one has fallen victim to this particular scam at the time of writing.

It isn't the first time opportunistic criminals have tried to take advantage of WannaCry: in the days after it hit last year, support scammers attempted to take advantage of the fear around the ransomware in order to charge for fake security software.


Editorial standards