Ransomware? or Phishing? (received by e-mail), somewhat surprising

Good evening everyone,
While looking through my spam folder by chance, I came across an e-mail from some guy telling me he had hacked me and demanding Bitcoins, otherwise he would send all my contacts screenshots he claimed to have taken on my computer (with adult sites, BOO). So far I wasn't too scared.
Where I started to freak out is that in the e-mail in question the person had managed to get one of my old passwords (for my e-mail account?). Note that this e-mail is dated 27/11/2018,
and I'm wondering how he could have got that password. For the record, I use Mozilla Thunderbird to read my e-mail and I currently use Vivaldi to browse the web.
Another detail: I never paid him and I never had any problem, since I only just found out about this e-mail. I would just like to know by what means he could have got hold of my password.

[EDIT] I received the same e-mail, but in Japanese.
Here is the e-mail in detail:
"spam detection software, running on the system “sd-134768.dedibox.fr”,
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: Hello! I have very bad news for you. 03/08/2018 - on this
day I hacked your OS and got full access to your account [MY E-MAIL]
On this day your account [MY E-MAIL] has password: [MY OLD PASSWORD]
[…]

Content analysis details: (18.7 points, 5.0 required)

pts rule name description


0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: lilo.org]
3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
[14.139.207.163 listed in zen.spamhaus.org]
0.4 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
3.0 DATE_IN_FUTURE_03_06 Date: is 3 to 6 hours after Received: date
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[14.139.207.163 listed in bl.score.senderscore.com]
1.4 PYZOR_CHECK Listed in Pyzor (https://pyzor.readthedocs.io/en/latest/)
0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
0.8 FSL_BULK_SIG Bulk signature with no Unsubscribe
1.2 BITCOIN_SPAM_09 BitCoin spam pattern 09
1.5 BITCOIN_SPAM_08 BitCoin spam pattern 08
3.0 BITCOIN_MALWARE BitCoin + malware
0.0 HELO_MISC_IP Looking for more Dynamic IP Relays
1.9 NO_FM_NAME_IP_HOSTN No From name + hostname using IP address

[MY E-MAIL] has been hacked! Change your password immediately!.eml
Subject:
[MY E-MAIL] been hacked! Change your password immediately!
From:
aplanoga@cantex.net
Date:
27/11/2018 at 07:51
To:
“[MY PASSWORD]” <[MY E-MAIL]>

Hello!

I have very bad news for you.
03/08/2018 - on this day I hacked your OS and got full access to your account felix.gouin@lilo.org
On this day your account [MY E-MAIL] has password: [MY GREAT PASSWORD, AGAIN]
So, you can change the password, yes… But my malware intercepts it every time.

How I made it:
In the software of the router, through which you went online, was a vulnerability.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device.

After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).

A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.
But I looked at the sites that you regularly visit, and I was shocked by what I saw!!!
I’m talk you about sites for adults.

I want to say - you are a BIG pervert. Your fantasy is shifted far away from the normal course!

And I got an idea…
I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?).
After that, I made a screenshot of your joys (using the camera of your device) and glued them together.
Turned out amazing! You are so spectacular!

I’m know that you would not like to show these screenshots to your friends, relatives or colleagues.
I think $782 is a very, very small amount for my silence.
Besides, I have been spying on you for so long, having spent a lot of time!

Pay ONLY in Bitcoins!
My BTC wallet: 1FgfdebSqbXRciP2DXKJyqPSffX3Sx57RF

You do not know how to use bitcoins?
Enter a query in any search engine: “how to replenish btc wallet”.
It’s extremely easy

For this payment I give you two days (48 hours).
As soon as this letter is opened, the timer will work.

After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically.
If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your “enjoys”.

I hope you understand your situation.

  • Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)
  • Do not try to contact me (you yourself will see that this is impossible, the sender address is automatically generated)
  • Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.

P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment!
This is the word of honor hacker

I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.

Do not hold evil! I just do my job.
Good luck."
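As an added illustration (not part of the original post), the script below parses a SpamAssassin "Content analysis details" block like the one quoted above, recomputes the score from the individual rule lines and picks out the rules that mark the mail as a bitcoin extortion attempt rather than ordinary bulk spam. The REPORT text is an excerpt constructed from the quote above; the rule names and scores are the ones SpamAssassin printed.

```python
import re

# Excerpt constructed from the SpamAssassin "Content analysis details"
# block quoted in the post above (same rule names and scores, trimmed).
REPORT = """\
Content analysis details: (18.7 points, 5.0 required)
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
[URIs: lilo.org]
3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
[14.139.207.163 listed in zen.spamhaus.org]
0.4 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
3.0 DATE_IN_FUTURE_03_06 Date: is 3 to 6 hours after Received: date
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
1.4 PYZOR_CHECK Listed in Pyzor (https://pyzor.readthedocs.io/en/latest/)
0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
0.8 FSL_BULK_SIG Bulk signature with no Unsubscribe
1.2 BITCOIN_SPAM_09 BitCoin spam pattern 09
1.5 BITCOIN_SPAM_08 BitCoin spam pattern 08
3.0 BITCOIN_MALWARE BitCoin + malware
0.0 HELO_MISC_IP Looking for more Dynamic IP Relays
1.9 NO_FM_NAME_IP_HOSTN No From name + hostname using IP address
"""

HEADER_RE = re.compile(r"\((-?\d+\.\d+) points, (\d+\.\d+) required\)")
# A rule line starts with a score; wrapped continuation lines
# ("[... listed in ...]", URLs) do not and are skipped.
RULE_RE = re.compile(r"^(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]+)\s+(.*)$")

def parse_report(text):
    """Return (total, required, rules) with rules = [(pts, name, desc), ...]."""
    m = HEADER_RE.search(text)
    total, required = float(m.group(1)), float(m.group(2))
    rules = [(float(r.group(1)), r.group(2), r.group(3))
             for r in (RULE_RE.match(ln.strip()) for ln in text.splitlines()) if r]
    return total, required, rules

def summarize(text):
    """Verdict plus the signals that say 'extortion' rather than plain bulk spam."""
    total, required, rules = parse_report(text)
    names = [n for _, n, _ in rules]
    return {
        "spam": total >= required,
        "total": total,
        # per-rule scores are printed rounded, so the sum can differ by 0.1
        "recomputed": round(sum(p for p, _, _ in rules), 1),
        "extortion_rules": [n for n in names if n.startswith("BITCOIN_")],
        "relay_blocklisted": any(n.startswith("RCVD_IN_") for n in names),
        "forged_date": "DATE_IN_FUTURE_03_06" in names,
    }
```

Note that the three BITCOIN_* rules and the blocklisted relay alone push the mail well past the 5.0 threshold, which is why it landed in spam without the recipient having to judge its content.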

I got the same kind of e-mail, telling me they had discovered I was a big pervert, but that it wouldn't be revealed in exchange for a few bitcoins… :smiley:

And the same question about the password they found… :confused:


I got the same kind of message, except that my password wasn't mentioned.

It is most likely a password that was found through a leak of the database of a service you're registered with.

The kind of thing you can find on: https://haveibeenpwned.com/

A big leak was discovered this month. Now, if you have 2FA set up on your accounts, so much the better; instead of getting into your accounts they try to phish you. Once again, an opportunity to change your passwords everywhere, manage them with a KeePass-like tool and enable 2FA everywhere.
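To check whether a password appears in a known leak without ever sending the password itself, haveibeenpwned's Pwned Passwords API uses k-anonymity: only the first five hex characters of the password's SHA-1 go to the server, and the returned list of suffixes is matched locally. The script below is an added example, not code from the thread; the range body is a constructed stand-in for what the real https://api.pwnedpasswords.com/range/{prefix} endpoint returns, so it runs offline.

```python
import hashlib

# Constructed stand-in for the text the real endpoint
# https://api.pwnedpasswords.com/range/5BAA6 would return: one
# "SUFFIX:COUNT" line per leaked hash sharing that 5-char prefix.
# The suffix for "password" is real (SHA-1 5BAA61E4C9B9...); the
# other suffixes and all counts are made up for this example.
FAKE_RANGES = {
    "5BAA6": (
        "0A1B2C3D4E5F60718293A4B5C6D7E8F9A0B:2\r\n"
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\r\n"
        "FEDCBA9876543210FEDCBA9876543210FED:17\r\n"
    ),
}

def sha1_hex(password: str) -> str:
    # SHA-1 is only the API's lookup key here, not a storage scheme.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def split_hash(password: str):
    """Only the 5-char prefix is ever sent; the 35-char suffix stays local."""
    h = sha1_hex(password)
    return h[:5], h[5:]

def count_in_range(suffix: str, range_body: str) -> int:
    """Scan a range response for our suffix and return its breach count."""
    for line in range_body.splitlines():
        s, _, n = line.strip().partition(":")
        if s.upper() == suffix:
            return int(n)
    return 0

def pwned_count(password: str, ranges=FAKE_RANGES) -> int:
    """How many times the password was seen in leaks (0 = not found).
    `ranges` maps prefix -> range body; a real client would fetch the
    body over HTTPS for the prefix and nothing else."""
    prefix, suffix = split_hash(password)
    return count_in_range(suffix, ranges.get(prefix, ""))
```

A non-zero count means the password is in circulation and should be changed everywhere it was reused, which is exactly the case the extortion mail above exploits.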
