Attacker states they have PW to users email and has implanted trojan on pc which collected pics, URLs etc. Ransom of $900 to BTC acc or collection will be released to contacts.
_x000D_
Header:_x000D_
Return-path: <Aaron@Smith931.edu>_x000D_
ip=188.162.48.46 (no ptr match);_x000D_
smtp.helo=Smith931.edu (does not exist);_x000D_
Received: from Smith931.edu (client.yota.ru [188.162.48.46])_x000D_
Received: from [159.62.203.68] by mailout.endmonthnow.com_x000D_
Received: from unknown (HELO nntp.pinxodet.net) by qnx.mdrost.com with NNFMP;_x000D_
Received: from webmail.halftomorrow.com [19.3.69.8] by mtu67.syds.piswix.net with SMTP