My Evernote account was hacked!

[Dougg 0]

I never thought going through this kind of situation with Evernote (photo attached). Considering leaving it right away. Anyone else?

[ArjenC 124]

Are you sure you're hacked? Did they send any evidence?

[DTLow 5,736]

1 hour ago, Dougg said:

Considering leaving it right away. Anyone else?

You should definitely consider protecting your password   
Don't use your Evernote password at other services.  The hackers probably picked it up at a less secure site 

I flagged your post for admin to forward to security

[Dougg 0]

This was not the case. Since I had many sensitive data in my Evernote account, I used a unique password for it, recycled every 3 months. 

[PinkElephant 8,076]

1st a very good question. Ransom hackers usually produce some sort of evidence, like 3 files taken from the cracked site. There should be some strange entry in the devices / access list as well.

2nd a password alone does not really protect. Without knowing about your situation it is hard to say more, but it can be anything from a trojan that got on your PC, copying every key you type and sending it to a control server, over a password captured at a public computer where EN web was used until a man-in-the-middle attack on a public WiFi.

Current advise goes against renewing passwords often, because it weakens protection in many cases. I have appr. 300 accounts - if I only try to change them all, I have a busy week. The password should be strong, completely random and unique, not following any logic. When upper/lower/symbols/numbers are included, currently a 15 digit password is regarded as unbreakable - which does not help if it is copied from the device on entry, or if the hash is included in a rainbow table.

3rd because of all this it is important to activate 2FA, because it adds another layer of security. 2FA depends on having access to another device, and it is time sensitive, renewing itself after a given time. Authenticators are regarded as safer than the code send by messaging.

4th it depends on you if you decide to pay. Usually these guys want to run the same attack more often, so there are chances they destroy what they copied. If people learn paying does not help, it breaks the ransomeers „business model“. This is however no advise to pay, and no guarantee it will solve the issue. 

[WilliamL 653]

46 minutes ago, PinkElephant said:

1st a very good question. Ransom hackers usually produce some sort of evidence, like 3 files taken from the cracked site. There should be some strange entry in the devices / access list as well.

2nd a password alone does not really protect. Without knowing about your situation it is hard to say more, but it can be anything from a trojan that got on your PC, copying every key you type and sending it to a control server, over a password captured at a public computer where EN web was used until a man-in-the-middle attack on a public WiFi.

Current advise goes against renewing passwords often, because it weakens protection in many cases. I have appr. 300 accounts - if I only try to change them all, I have a busy week. The password should be strong, completely random and unique, not following any logic. When upper/lower/symbols/numbers are included, currently a 15 digit password is regarded as unbreakable - which does not help if it is copied from the device on entry, or if the hash is included in a rainbow table.

3rd because of all this it is important to activate 2FA, because it adds another layer of security. 2FA depends on having access to another device, and it is time sensitive, renewing itself after a given time. Authenticators are regarded as safer than the code send by messaging.

4th it depends on you if you decide to pay. Usually these guys want to run the same attack more often, so there are chances they destroy what they copied. If people learn paying does not help, it breaks the ransomeers „business model“. This is however no advise to pay, and no guarantee it will solve the issue. 

I’ve just read this and went through the process of enabling 2FA, I had not done this as it can be an inconvenience but it’s on now. Scary that these kinda things can happen. 
 

@Dougg hoping you get to the bottom of this and it reveals that this was a scam and not a genuine hack. 

[Dougg 0]

17 hours ago, ArjenC said:

Are you sure you're hacked? Did they send any evidence?

They’ve sent a list of my passwords. Although I’ve changed all of them, it proved that they really had my files.

[PinkElephant 8,076]

Then I would assume as well that there was a real breach.

You need to check your exposure by your EN data. If an identity theft is possible, it may cause a much higher damage than paying. That is if they keep their part of the deal - no guarantees here.

Another issue is how they got the password. If it was grabbed from your own computer, an infection by a Trojan (that then downloaded a keylogger and other malware) is likely. The problem is that this pest is very difficult to remove. If you have no clue which Trojan it may have been, the best advise is to replace the computer.

Hard stuff ? 

Yes, but if the firmware got infected you can even erase the drive, reinstall Windows fresh - and it does come back, from the foothold in the UEFI-memory. If your UEFI was not password protected, this is a possible szenario.

Depending on your use case and exposure of other devices in networks you connect to (yes, the infection if there will try to spread to each network you connect to) you may try a complete wipe (reinstall Windows fresh) and restore from Backup. Beware that the Backup may be infected itself.

Or you decide to swap platforms: Get yourself a Mac (for example one of these new M1-laptops). On a Mac, any Windows malware is in hostile country and will not execute.