A cybercriminal hides behind a mask, pretending to be friendly

Beware of Sextortion Blackmail: No One is Watching You Go to Porn Sites

Beware of porn site extortion emails that pretend to have evidence of you getting off at a porn site. They don’t. Please don’t fall for this scam.

Warning: Don’t read this if you don’t like graphic sexual descriptions.

I have received an email over and over again demanding money so that a video of me watching porn will not be released. It makes me giggle because I don’t go to porn sites. But as the owner of a computer repair business, I know a lot of people occasionally go to them. So what? It’s not something to feel ashamed about or to pay a fraudulent person a lot of cash in bitcoin for.

This email has all the markings of a blackmail scam email. The content of the email is filled with grammatical errors and says the same thing over and over again. Furthermore, the supposed hacker goes back and forth between trying to be “helpful” and threatening again. If the overall intent of the email is threatening, don’t buy into the idea that the supposed hacker is trying to just help you out.


If this supposed hacker had the video he claims he has, then he would not be sending me email threats over and over again (like he has been) and would show me the video as evidence.  Yet, I do not respond and I get this sextortion email over and over again.  I know that I have never been on porn sites, so I know such a video doesn’t exist, but maybe you do go on porn sites from time to time.  I am not here to judge but to help you avoid falling for silly scam tricks like these.

No one is watching you. If they were they would show proof.  They also don’t have access to your email.  They are just good at convincing people they do.

You should never exchange money for a scam email such as this.  The chance that such a video exists is very small, as is the supposed access the cybercriminal has to all of your emails.  If such a video existed, the sextortionist would show it to us.  No, this person obviously is trying to trick us and a lot of other people at the same time.  Even if just a few people fall for the scam, it makes it profitable for the cybercriminal.


Unfortunately, some people who do visit porn sites will likely fall for this sort of scam.  That keeps cybercriminals such as these going.  There will always be some, so it is important to stay vigilant.

To avoid fraud and phishing scams, watch out for:

    1. Poor use of English grammar
    2. Repetitive and threatening language
    3. Writing that tries to sound official
    4. Emails that look legitimate but ask for information that legitimate companies would already have.
    5. Emails that ask for a set amount of money to be sent in bitcoin or some other online, anonymous manner.

If you have any doubt, give Ducktoes a shout at 403-219-3031. Or visit our website.

These are all red flags to look out for.  Many email scams will not be as obvious as the following email.

 

You have an outstanding payment. 

From administrator@ducktoes.com on 2021-10-27 03:26

Hello there!

Unfortunately, there are some bad news for you.
Around several months ago I have obtained access to your devices that you were using to browse internet.
Subsequently, I have proceeded with tracking down internet activities of yours.

Below, is the sequence of past events:
In the past, I have bought access from hackers to numerous email accounts (today, that is a very straightforward task that can be done online).
Clearly, I have effortlessly logged in to email account of yours (administrator@ducktoes.com).

A week after that, I have managed to install Trojan virus to Operating Systems of all your devices that are used for email access.
Actually, that was quite simple (because you were clicking the links in inbox emails).
All smart things are quite straightforward. (>_<)

The software of mine allows me to access to all controllers in your devices, such as video camera, microphone and keyboard.
I have managed to download all your personal data, as well as web browsing history and photos to my servers.
I can access all messengers of yours, as well as emails, social networks, contacts list and even chat history.
My virus unceasingly refreshes its signatures (since it is driver-based), and hereby stays invisible for your antivirus.

So, by now you should already understand the reason why I remained unnoticed until this very moment…

While collecting your information, I have found out that you are also a huge fan of websites for adults.
You truly enjoy checking out porn websites and watching dirty videos, while having a lot of kinky fun.
I have recorded several kinky scenes of yours and montaged some videos, where you reach orgasms while passionately masturbating.

If you still doubt my serious intentions, it only takes couple mouse clicks to share your videos with your friends, relatives and even colleagues.
It is also not a problem for me to allow those vids for access of public as well.
I truly believe, you would not want this to occur, understanding how special are the videos you love watching, (you are clearly aware of that) all that stuff can result in a real disaster for you.

Let’s resolve it like this:
All you need is $1750 USD transfer to my account (bitcoin equivalent based on exchange rate during your transfer), and after the transaction is successful, I will proceed to delete all that kinky stuff without delay.
Afterwards, we can pretend that we have never met before. In addition, I assure you that all the harmful software will be deleted from all your devices. Be sure, I keep my promises.

That is quite a fair deal with a low price, bearing in mind that I have spent a lot of effort to go through your profile and traffic for a long period.
If you are unaware how to buy and send bitcoins – it can be easily fixed by searching all related information online.

Below is bitcoin wallet of mine: 1P8zGx51BpyxEy5jBgr5ugoPXbSgyd7fpw

You are given not more than 48 hours after you have opened this email (2 days to be precise).

Below is the list of actions that you should not attempt doing:

Do not attempt to reply my email (the email in your inbox was created by me together with return address).
Do not attempt to call police or any other security services. Moreover, don’t even think to share this with friends of yours. Once I find that out (make no doubt about it, I can do that effortlessly, bearing in mind that I have full control over all your systems) – the video of yours will become available to public immediately.
Do not attempt to search for me – there is completely no point in that. All cryptocurrency transactions remain anonymous at all times.
Do not attempt reinstalling the OS on devices of yours or get rid of them. It is meaningless too, because all your videos are already available at remote servers.

Below is the list of things you don’t need to be concerned about:

That I will not receive the money you transferred.

– Don’t you worry, I can still track it, after the transaction is successfully completed, because I still monitor all your activities (trojan virus of mine includes a remote-control option, just like TeamViewer).

That I still will make your videos available to public after your money transfer is complete.

– Believe me, it is meaningless for me to keep on making your life complicated. If I indeed wanted to make it happen, it would happen long time ago!

Everything will be carried out based on fairness!

Before I forget…moving forward try not to get involved in this kind of situations anymore!
An advice from me – regularly change all the passwords to your accounts.
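The red flags listed earlier, applied as a scoring heuristic to an email like the one quoted above (an added example, not part of the original post). The `To` header, the phrase list and the score threshold are assumptions; the body lines are excerpts of the quoted email.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Shape of a legacy Base58 Bitcoin address ("1"/"3" prefix); checksum not verified.
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
AMOUNT_RE = re.compile(r"\$\s?\d[\d,]*")
DEADLINE_RE = re.compile(r"\b\d+\s*(?:hours?|days?)\b", re.I)
# Hypothetical phrase list, drawn from the wording of the email quoted above.
THREAT_PHRASES = ("do not attempt", "trojan", "video camera",
                  "share your videos", "call police")

def score_sextortion(raw: str) -> dict:
    """Score a single-part plain-text message against the red flags."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    body = msg.get_payload()
    low = body.lower()
    wallets = BTC_RE.findall(body)
    flags = {
        # The sender address is forged to match the recipient's own mailbox.
        "spoofed_self_sender": bool(sender) and sender == rcpt,
        "btc_address": bool(wallets),
        "fixed_amount_in_crypto": bool(AMOUNT_RE.search(body)) and "bitcoin" in low,
        "deadline": bool(DEADLINE_RE.search(body)),
        "repeated_threats": sum(p in low for p in THREAT_PHRASES) >= 2,
    }
    score = sum(flags.values())
    return {"flags": flags, "score": score, "btc_addresses": wallets,
            "verdict": "likely extortion scam" if score >= 3 else "no match"}

# Constructed sample: headers are assumed, body lines are excerpts of the email above.
SAMPLE = """\
From: administrator@ducktoes.com
To: administrator@ducktoes.com
Subject: You have an outstanding payment.

A week after that, I have managed to install Trojan virus to Operating Systems.
All you need is $1750 USD transfer to my account (bitcoin equivalent).
Below is bitcoin wallet of mine: 1P8zGx51BpyxEy5jBgr5ugoPXbSgyd7fpw
You are given not more than 48 hours after you have opened this email.
Do not attempt to call police or any other security services.
"""

# Constructed benign message for contrast.
BENIGN = """\
From: alice@example.com
To: bob@example.com
Subject: Lunch

Are you free for lunch on Friday? Let me know.
"""

if __name__ == "__main__":
    for name, raw in (("sample", SAMPLE), ("benign", BENIGN)):
        result = score_sextortion(raw)
        print(name, result["score"], result["verdict"], result["flags"])
```

A sender address identical to the recipient's is a sign of header forgery, not of account access, which is why it counts as a flag here.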


Encryption Virus (Again!)

Note: To avoid the encryption virus, please don’t open attachments on emails that are generic or suspicious in any way. Please back up all your files every week or so and then detach the backup drive. If you do get the virus, please turn off all your computers immediately and call us at Ducktoes. 403-219-3031.

Encryption Virus Strikes Again
Ducktoes has again helped a client (web design and SEO client, not IT client) recover their files encrypted by an encryption virus.  And again the client paid the ransom. They thought they could not successfully operate their business without de-crypting the files, since it would have been exorbitantly expensive or impossible to manually remake them all. They couldn’t even remember what all the files were, much less recall the content.

Try Not to Pay
If not absolutely necessary, I don’t recommend paying the ransom for decryption.  If no one ever paid the ransom, the cyber-criminals would stop creating and spreading the viruses. But in this case, I totally understand.

Employee upset after laptop gets the encryption virus.

It is a difficult decision whether or not to pay the ransom for the encryption virus.

How They Got the Virus

The clients got the virus through email. An employee opened an email attachment that purported to be an “invoice” but really contained one of the encryption viruses. Once opened, the encryption virus quickly spread to the client’s network and encrypted a hard drive containing all the scheduling and accounting information.

Emails floating through air as envelops. The encryption virus comes through email.

Encryption virus comes as an email attachment.

The Clients Call Ducktoes for Help
Not understanding what was going wrong with their computers, the clients called Ducktoes. They thought they were just missing a program and because of that the files wouldn’t open. Human dynamo and very personable manager Colin Forrest immediately went into action. He went into one of their computers remotely to check the situation out and saw the encrypted files. He recognized the encryption virus since we’ve dealt with it many times before. The virus had changed all the Word and Excel files to the mp3 file format, making them impossible to open. Colin told the clients to turn off their computers immediately. His immediate remote call and quick thinking saved them many files.

At the time I was picking up parts at our wholesale parts supplier.  When Colin called me to tell me what was going on, I immediately drove to the clients’ office.

Emergency Onsite Call
Upon arrival, I turned off the router so the virus would not spread further and assessed the damage.  Two computers and the external hard drive were infected.  Two others had started to be infected but the files had not been encrypted yet.  I brought the computers to the shop and put them in quarantine and we were able to remove the infection.  Don’t remove the infection before you get the contact info of the cybercriminals so you can pay the ransom if you need to.  Whenever we remove viruses from an encrypted computer, we have to make sure the infected computers are in quarantine on their own separate network, because the virus spreads quickly.
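A triage sketch for the situation described above, where documents were renamed to mp3 and would no longer open (an added example, not Ducktoes' own tooling): it lists files that carry the `.mp3` extension but have no MP3 header and near-random content. The entropy threshold, sample size and demo file names are assumptions, and it is meant to be run against a copy or a quarantined disk.

```python
import math
import tempfile
from collections import Counter
from pathlib import Path

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_like_mp3(head: bytes) -> bool:
    """True for an ID3v2 tag or an MPEG audio frame sync (11 set bits)."""
    if head[:3] == b"ID3":
        return True
    return len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0

def find_suspect_files(root, ext=".mp3", min_entropy=7.5, sample_size=65536):
    """List files with the given extension that are not audio and look encrypted.

    Real MP3 data is compressed and also high in entropy, so the header
    check runs first and entropy is only used on files that fail it.
    """
    suspects = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() != ext:
            continue
        with path.open("rb") as fh:
            data = fh.read(sample_size)
        if looks_like_mp3(data):
            continue
        entropy = shannon_entropy(data)
        if entropy >= min_entropy:
            suspects.append((path.relative_to(root).as_posix(), round(entropy, 2)))
    return suspects

def run_demo():
    """Build a constructed directory tree and scan it."""
    uniform = bytes(range(256)) * 16  # constructed stand-in for ciphertext, 8.0 bits/byte
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        office = root / "office"
        office.mkdir()
        (office / "schedule.mp3").write_bytes(uniform)               # renamed and encrypted
        (office / "song.mp3").write_bytes(b"ID3\x03\x00" + uniform)  # genuine audio header
        (office / "memo.mp3").write_bytes(b"draft text " * 400)      # renamed, low entropy
        (office / "notes.docx").write_bytes(uniform)                 # other extension, skipped
        return find_suspect_files(root)

if __name__ == "__main__":
    for name, entropy in run_demo():
        print(f"{entropy:4.2f}  {name}")
```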

Waves coffeehouse where there is a bitcoin exchange.

Where BitNational is located.

Paying the Ransom
To ransom the files I had to take cash to a bitcoin exchange office called BitNATIONAL, located in a Waves Coffee House on 17th Ave SW and 9A St. SW. I was a little nervous because it seemed I was dealing with the underworld. I was. Our long time onsite tech extraordinaire Raz Rydstrom, and one of the smartest people anywhere, met me there since he is familiar with the process. The ransom was $500 US plus the bitcoin office fee. It totaled $770 Canadian. With labour costs, the clients had to pay around $1500 for decryption and virus removal. It is a hefty price for opening an infected file.

A photo of Matt and bitcoin exchange office.

Here is the BitNational office.

BitNational Helps Us
BitNATIONAL has a specialized ATM called a BTM which put the digital currency on my smartphone. Two great and friendly guys Matthew Haddon owner and Jason Butler partner and employee were working that day. The other owner is Drew Glover. I found them very helpful and immediately felt less nervous.

About BitNational
There are many BTMs throughout Calgary and other Canadian cities. Find one near you.

 Jason and Matt standing by their BTM machine.

This is Jason and Matt standing by their BTM machine.

BitNational bought out another bitcoin exchange service called Bit Brains. Matt and Jason believe that bitcoin is a great investment and only starting to take off and will go up in value.

BitNATIONAL owner Jeff shows how bitcoin will take off but wearing an orange Nasa suit.

Here’s Jason in a NASA suit demonstrating how bitcoin is going to take off. They don’t have the helmet yet.

BitNational only does the currency exchange to and from bitcoin. They are a legitimate business and not involved in any way with the cyber-criminals. They are entrepreneurs in a pioneer sector.

A Nervous Moment
Back at the shop, we paid the ransom and then discovered that the websites to communicate with and pay the encryption virus creators had disappeared.  This caused a  panic moment for me. I had already paid the money and worried I might not be able to retrieve the decryption code since the cybercriminal’s websites had vanished. Yet one of my techs, Garett Belkie, was able to install a Tor browser and retrieve the code that way.  Then he decrypted all the encrypted files on the computers and hard drive. Our hero. (Another awesome senior tech, our data recovery and virus removal specialist.  He can get data off a stone and remove viruses in a twinkle of an eye.)

Here’s another blog post about how I personally saved a law office from an encryption virus in 2014 before most computer IT support companies even knew what encryption viruses were. It is a very exciting story. Lol. I was my own hero.

 

Returning the Computers
Once the files were decrypted, we removed the encryption virus and returned the computers and reinstalled everything to the network. Tech Rey Berse and I did this together. He’s a brilliant, soft-spoken senior laptop tech (he specializes in hardware and circuitry, soldering and electronic circuits etc. and software, a total computer genius) and an incredible onsite tech with our onsite IT support too.

Photo of a laptop with chain and padlock symbolizing laptop virus.

Ducktoes can help you unlock your files.

Sometimes We Don’t Need the Ransom
Using guidance learned from Bleeping Computer, we have actually decrypted certain strains of the encryption virus ourselves without paying the ransom.

The Ducktoes Team is More than One Tech
You get more than the skills and knowledge of your one IT support tech at Ducktoes. You may only see one tech, but you are getting much more. You are getting an entire group of techs at your back that are constantly learning and upgrading our computer repair and virus removal skills. We work together as a team to solve and prevent computer problems, so when you hire us, you are getting an entire team of problem solvers and computer experts all educated at SAIT. We are constantly researching computer issues and learning new skills, the encryption virus prevention and removal being one of them. The pool of our combined knowledge and skill makes us a formidable force against viruses and computer problems. Among us we know hardware including difficult laptop hardware including soldering motherboards and capacitors, fixing laptop screens, jacks and video and wifi hardware, server issues, networking, virus removal, crisis prevention, backup, data recovery, and anything you throw at us.

Two techs work on computers at Ducktoes.

You get a team of computer experts at Ducktoes.

Smiles and Laughter
It was really rewarding and fun to return the computers and data all fixed and working well so our clients could return to business as usual. Now that they are IT clients we have them backed up to the cloud with Dropbox so this will never happen again. There were a lot of smiles and laughter while we worked and finished up with them.

Encryption Virus Experts
Ducktoes Computer Services has become an expert on the encryption virus. We’re experts on removing it, de-crypting it, and preventing it. If you need help with the encryption viruses, or any virus, we’re the best choice in Calgary since we’ve specialized in virus removal and prevention for years.

If You Need Us
If you need Onsite IT support or virus removal or any computer repair or support at all, call our team at Ducktoes.  We’ll bring smiles and laughter back to your office or home.


Finally, a Cure for Cryptolocker


Some of our clients’ computers have been infected with the virus Cryptolocker which encrypts all the files on the computer, and often, unfortunately, the business data and photos. People lose all their baby photos, once in a lifetime travel photos, or photos of a deceased family member or friend. They lose important business data. Now two IT cyber security companies, FireEye and Fox IT have partnered to provide a free service that will decrypt the files.

The virus creators were stopped for a while by the FBI and RCMP’s Operation Tovar, which took down many of the cyber-criminals’ servers. After a couple of weeks, however, Cryptolocker was back, although not as rampant as before, it seems, from my experience. During Operation Tovar decryption keys were obtained and FireEye and Fox IT

These companies have created a website, www.decryptcryptolocker.com, that will help you get a free decryption key.


On the website, you have to upload an encrypted file and send an email address and they will send you a decryption key.

If anyone needs help with doing this or has been infected with Cryptolocker in the past, Ducktoes’ anti-virus lab would be glad to help you recover your encrypted files.


Be Careful: Cryptolocker Back after Two Week Hiatus

Cryptolocker is back after a two week break. This ransomware encrypts all the files on your computer’s hard drive and will not decrypt them until you pay the ransom. Two weeks ago the FBI and Mounties took down Gameover Zeus servers which also contained the Cryptolocker virus and put both out of commission. We at Ducktoes were so relieved because as a virus removal service dedicated to helping you and fixing your computers quickly and effectively we often have to deal with this horrible virus. After a computer is infected there is very little we can do to bring the files back. Cryptolocker is devastating to businesses that lose business files and individuals who lose all their files, especially photos.

Unfortunately, Cryptolocker is now being used as a stand-alone program without Gameover Zeus.  It is back in service.

Read more.

http://www.cbronline.com/news/security/cryptolocker-ransomware-is-back-after-two-week-takedown-4306092

http://betanews.com/2014/06/24/times-up-cryptolocker-ransomware-is-back-in-business

What we can do at Ducktoes is prevention and help you not get the virus in the first place.  Please be careful and do the following:

  1. Don’t open pdfs or any attachments unless you are ENTIRELY sure about them.
  2. Backup your computer right now and then disconnect the backup drive from your computer.  Backup often.
  3. Install Malwarebytes Premium.  It prevents the virus.  We have it on sale at the shop.

 


Cryptolocker is Back Already

According to a recent article, which I will cite later, Cryptolocker is already back in operation. Thank you to friend, former classmate, and fellow tech Paul Maslak for that information. I’ll write more about it later today if I can.

In the meantime please don’t download any pdfs from FedEx, UPS, Canada or US Post and other businesses. Just don’t.  Put Malwarebytes Premium on your computer.  It prevents Cryptolocker.  We can help you do that.  Just call our remote support.  I’ll do it for free even, the installation that is.  The program costs around $36.  403-219-3031.
