Cybercriminals have purportedly managed to rake in over $330,000 worth of Bitcoin through an email-based ‘Sextortion’ campaign that has been going on since at least 2017, and saw its activity surge in 2018.
As indicated by a report from a UK firm Digital Shadows, the blackmailers received said amount from over 3,100 unique BTC addresses. The funds finished up in 92 different BTC addresses which are believed to be belonging to the same organization, which could reportedly be making an average of $540 per victim.
The company’s report tracked a sample of 792,000 emails sent to the individuals victimized. The ‘Sextortionists’ purportedly sent them an email which would include a known password as “proof” they hacked them and claimed to have video evidence of them with online adult content.
The threat was possed to publish the video online if a ransom in BTC wasn’t paid. In 2018, Cornell University computer science professor Emin Gun Sirer cautioned potential victims to “never pay, never negotiate” with blackmailer or cybercriminals trying to extort them.
According to Sirer, the emails were being sent to every email account on the famous website haveibeenpwned, that shows whether emails addresses had their data leaked on popular online security incidents or not.
A Modernized Operation
The UK firm’s report looks to show the ‘sextortion’ operation was a sophisticated one since scammers were seemingly attempting to hire more people to help them target high-net-work individuals.
These hires may be getting high salaries if they had experience in network management, programming, and penetration testing. The cybercriminals have notably been using social media for the purpose of targetting their victims.
The scammers’ capabilities are believed to have different skills, while some struggled to distribute a huge amount of emails which could get past email server or spam filters. However, others managed to show high levels of sophistication with the emails sent from accounts particularly created for the campaigns.