UK users are being targeted with a fake WannaCry ransomware alert threatening file encryption if a ransom demand is not paid.

Fraudsters Claim WannaCry is Back!

In May last year, WannaCry ransomware attacks brought many companies to a standstill, with the UK’s National Health Service (NHS) a notable victim. Now, a little more than a year later, a new WannaCry ransomware campaign is being run, or so the sender of a batch of phishing emails claims.

Email recipients are told “WannaCry is back!” and are warned that their devices have been hacked and ransomware has been installed.

Email recipients are warned that the threat actors have perfected their ransomware and this time around antivirus software and firewalls will not prevent file encryption. Further, recovery will not be possible if the ransom is not paid.

Failure to pay, or any attempt to try to remove the ransomware without paying the ransom demand will result in permanent file deletion. Further, the ransomware can propagate and infect the local network, cloud data, and remote devices, regardless of operating system.

Email recipients are told that the ransomware has already been deployed and payment of a ransom of 0.1 Bitcoin – Around $650 – must be made to stop the attack. Email recipients are given just 24 hours to pay the ransom before data are permanently deleted.

The email is signed by WannaCry-Hack-Team, and so far, more than 300 copies of the message have been reported to the UK government’s National Fraud and Cyber Crime Reporting Centre, Action Fraud.

A Phishing Scam that Preys on WannaCry Fears

There are some signs that the email is not a genuine threat, and instead is just preying on fears about another WannaCry style attack.

Ransomware attackers encrypt data then ask for a ransom to unlock files. They do not send a warning saying they will encrypt data if a ransom is not paid. That tactic may be used by some DDoS attackers, but not by ransomware threat actors.

Email recipients are told that this version of WannaCry will work on “any version of Windows, iOS, Android, and Linux.” The original version of WannaCry took advantage of a vulnerability in Windows Server Message Block. WannaCry only affected vulnerable Windows devices that had not been patched. The ransomware was not a threat on other operating systems.

Phishing campaigns often include spelling mistakes in the subject line and message body and this email is no different. The subject line is – “Attantion WannaCry”.

This is simply a phishing campaign that attempts to extort money from the recipient. No ransomware has been installed and the attackers cannot encrypt any files.

If you receive such a message threatening file encryption unless you pay a ransom, report the message to Action Fraud (UK), US-CERT (phishing-report@us-cert.gov) in the United States, or the government Fraud and Cyber Crime agency in your country of residence and delete the email and do not pay any Bitcoin ransom.

Of course, not all ransomware threats are as benign as this and many attackers will be able to encrypt your data. To protect against real ransomware threats ensure you create multiple backups of your files, deploy a spam filtering solution, ensure your operating system and all software are kept up to date, and keep your anti-virus protection up to date.