I get emails ... <sigh>
... seems to be a lot 'o these goin' around:
Threat/extortion emails (mostly all bark no or negligible bite).
Seems they're probably targeting those more probable to fall for it,
e.g. smaller businesses and such that aren't particularly tech savvy,
... not that their targeting is particularly accurate, but maybe at
least what they aim for by the content of their email.
Trimmed and redacted for brevity, etc., both of these from same IP:
------------------------------------------------------------------------
Received: from dedi.coronaxy.com ([185.198.58.92]:38380)
by balug-sf-lug-v2.balug.org
for <balug-announce(a)lists.balug.org>; Tue, 27 Oct 2020 04:41:53 +0000
To: balug-announce(a)lists.balug.org
Date: Tue, 27 Oct 2020 04:41:34 +0000
From: Patrick Wilson <patrick-wilson(a)coronaxy.com>
Subject: Your website www.balug.org has been hacked
We are the Cozy Bear and we have chosen www.balug.org as target for
our next DDoS attack.
Your network will be subject to a DDoS attack starting at 2020
November 2nd (Monday).
THIS IS NOT A HOAX, and to prove it right now we will start a small
attack on www.balug.org that will last for 30 minutes.
This means that your website, e-mail and other connected services will
be unavailable for everyone.
We will refrain from attacking your servers for a small fee.
The current fee is $1200(USD) in bitcoins (BTC). The fee will increase
by 1000 USD for each day after deadline that passed without payment.
Please send Bitcoin to the following Bitcoin address (cAsE-SeNsitIve):
[REDACTED]
If you decide not to pay, we will start the attack on the indicated
date and uphold it until you do, there's no counter measure to this,
you will only end up wasting more money trying to find a solution
(Cloudflare, Sucuri, Imperva and similar services are useless, because
we will hit your network directly).
We will completely destroy your reputation and make sure your services
will remain offline until you pay.
We will also download your database and do as much damage as possible.
Once you have paid we won't start the attack and you will never hear
from us again.
------------------------------------------------------------------------
From <elijah-martin(a)coronaxy.com> Tue Oct 27 17:35:38 2020
Received: from dedi.coronaxy.com ([185.198.58.92]:56414)
for <balug-announce-owner(a)lists.balug.org>; Tue, 27 Oct 2020 17:35:38 +0000
To: balug-announce-owner(a)lists.balug.org
Date: Tue, 27 Oct 2020 17:35:16 +0000
From: Elijah Martin <elijah-martin(a)coronaxy.com>
Subject: If www.balug.org is important to you, you must read this
We have hacked your website(s) www.balug.org and extracted your databases.
We will systematically go through a series of steps of totally
damaging your reputation. First your database will be leaked or sold
to the highest bidder which they will use with whatever their
intentions are. Next if there are e-mails found they will be e-mailed
that their information has been sold or leaked and your site
www.balug.org was at fault thusly damaging your reputation and having
angry customers/associates with whatever angry customers/associates
do. Lastly any links that you have indexed in the search engines will
be de-indexed based off of blackhat techniques that we used in the
past to de-index our targets.
How do I stop this?
We are willing to refrain from destroying your site's reputation for a
small fee. The current fee is $1050(USD) in bitcoins (BTC).
Please send the bitcoin to the following Bitcoin address (Copy and
paste as it is case sensitive):
[REDACTED]
If you decide not to pay, we will start the attack at the indicated
date and uphold it until you do, there's no counter measure to this,
you will only end up wasting more money trying to find a solution. We
will completely destroy your reputation amongst google and your
customers.
This is not a hoax, do not reply to this email, don't try to reason or
negotiate, we will not read any replies. Once you have paid we will
stop what we were doing and you will never hear from us again!
------------------------------------------------------------------------
And yes, simple Internet search to confirm, and many such threats being
emailed about.
Maybe if I get bored and have some time some day, I'll put in an
anti-spam filter to specifically reject these upon attempted delivery
during the SMTP phase ... maybe with reject message/diagnostic
including something along the lines of:
Due to overwhelming request volume, we are no longer able to accept
ransomware/blackmail/threat requests for payment via email.
We do however, still accept such requests via USPS mail.
For prompt attention to your request, please send it via USPS to:
<automatically inserted email address they attempted to> c/o
ref: <automatically inserted reference on failed email attempt>
FBI: ATTN: ransomware/blackmail/threat requests for payment
<address>
USA
Thank you for your cooperation on these matters to help ensure prompt
attention by those relevant and responsible for handling your request.