Research: Evidence of Rising Sextortion and Ransomware Scams with Cryptocurrencies

Sextortion scams in cyber form have been around since about 2009 and have cost many victims a lot of money. There are a few types of sextortion scams, but in general they work by the attacker threatening to distribute private or sensitive material if the victim doesn’t send money or comply with demands for sexual favors or images.

The scams can take many forms. For example, the attacker may claim to have video evidence of someone masturbating, captured via a hacked webcam, or details of their internet porn history. Sometimes the scam involves other sensitive information, such as passwords and account information, that the attacker threatens to distribute or use to take over accounts if demands for sexual images or a monetary payment are not met.

The attacker will usually send an email to the victim containing the demands, adding some information to make the claims appear legitimate. For example, they might include passwords and email addresses from a data breach, or details of family members gathered from social media accounts. If extortion is the end goal, the attacker will also provide details of a Bitcoin wallet and demand payment into it.

Proofpoint, the enterprise security company based in Sunnyvale, California, recently conducted research and found that a new wave of sextortion scams is adding ransomware to its modus operandi.

The new sextortion campaign, observed on December 5, involved thousands of messages sent to potential victims around the US. The emails contain text consistent with a typical sextortion scam, but also include a URL. The link purports to lead to video evidence of the illicit activities carried out by the victim. However, when the victim follows the URL, it leads to the AZORult stealer malware, which installs GandCrab ransomware on their device. The GandCrab ransomware then demands a payment of $500 in cryptocurrency, either Bitcoin or Dash.
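As an added illustration (not from Proofpoint or the original article), the mail-triage sketch below separates the two variants described above: extortion text with a payment address, and extortion text with a link, which this campaign used to deliver malware. The phrase list, verdict names and sample messages are constructed assumptions; only legacy Base58Check Bitcoin addresses are validated.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")  # legacy formats only
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
# Constructed phrase list (an assumption), not wording from the observed campaign.
THREAT_RE = re.compile(r"\b(?:webcam|recorded you|your password|your contacts)\b", re.I)

def is_valid_btc_address(addr):
    """Base58Check: version byte 0x00/0x05, 4-byte double-SHA256 checksum."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    try:
        raw = n.to_bytes(25, "big")
    except OverflowError:
        return False
    payload, checksum = raw[:21], raw[21:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return payload[0] in (0x00, 0x05) and digest[:4] == checksum

def triage(body):
    """Classify a message body as 'block', 'quarantine' or 'pass'."""
    threats = sorted({m.group(0).lower() for m in THREAT_RE.finditer(body)})
    addrs = [a for a in ADDR_RE.findall(body) if is_valid_btc_address(a)]
    urls = URL_RE.findall(body)
    if threats and urls:
        verdict = "block"       # extortion text plus link: possible malware delivery
    elif threats and addrs:
        verdict = "quarantine"  # classic payment-demand variant
    else:
        verdict = "pass"
    return {"verdict": verdict, "threats": threats, "addresses": addrs, "urls": urls}

# Constructed sample messages. The address is the publicly known Bitcoin
# genesis-block address, used only because its checksum is valid.
CLASSIC = ("I know your password. I recorded you through your webcam. "
           "Send $500 to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa")
WITH_LINK = ("I recorded you through your webcam. "
             "See the video: http://video.example.invalid/clip")
BENIGN = "Your invoice is ready: https://billing.example.invalid/inv/42"

if __name__ == "__main__":
    for name, msg in (("classic", CLASSIC), ("with_link", WITH_LINK), ("benign", BENIGN)):
        print(name, triage(msg))
```

Validating the checksum keeps random 26 to 35 character tokens, such as tracking IDs, from being counted as payment addresses.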

Advice:

  • Ignore ALL emails of this nature. If you comply with sextortion demands, they will continue to exploit you. If you ignore the emails, it will likely be the last you hear from them, as they send these emails out en masse.
  • If you receive an email with a link to purported illicit activities, assume that it is false and do not click the link.
  • Do not comply with demands for sexual images in exchange for regaining control of your accounts; doing so gives the attackers more material to blackmail you with.

It is no surprise that extortionists demand cryptocurrency as a form of payment for their illicit demands, as it offers them relative anonymity and untraceable transactions.