Illegal Internet money extortion schemes are nothing new yet, as of recent, a significant rise in the instances of spam e-mail blackmailing has been detected by researchers world-wide. The last two instances of this boom of money extortion have been targeted at users from Australia and France. What’s more, instead of only trying to blackmail regular users, the hackers who carry out these attacks have also targeted big companies as well as security researchers.
The attacks on users in Australia and France
This most recent wave of extortion attacks consisted of over 33 500 spam e-mails send to the victims. The idea of those e-mails was to pressure the victim into making a ransom payment of 320 USD worth of Bitcoins. The leverage that the hackers claimed to have was sensitive images of their victims that the criminals have supposedly made by hacking the users’ devices and using their private webcam to take the said images. All of this is stated within the spam e-mails. The victims were given 24 hour period to make the payment or else, as the hackers threatened, the images would be send to the user’s contacts.
The good news is that, as with most such extortion attempts, the claim that the cyber crooks have hacked the user’s PC’s were false. This was made rather obvious by the fact that no actual personal information was provided within the e-mails which is a good sign that the criminals do not actually hold any private user data. After all, if the hacker wishes to be convincing, they would at least add something to their blackmailing messages so as to make it clear that those are no empty threats. That said, there are undoubtedly users who have gotten way too panicked by the dreadful e-mail and have made the payment.
Even though the criminal campaign seems to have had its peak between 11 and 18 of August, it might still be ongoing which is why we advise our readers around the world to be highly cautious with any such e-mails they might receive. Unless there’s a solid proof that somebody has your personal info, you should disregard such messages and have them deleted at once.
Blackmailing attempts targeted at a Swiss security researcher and at US companies
Prior to the extortion camping in France and Australia, there have been other similar attempts in other places of the world. An increase in the numbers of such hacker attacks has been detected back in mid June after a South Korea hosting provider agreed to make a payment of one million USD in after a Ransomware attack had encrypted the servers of its customers. Ever since that instance, many other hackers have tried to do the same hoping for their big break regardless of whether their threats are legitimate or empty like the ones we mentioned in the previous paragraphs.
Two other examples of recent extortion attempts are the hacker “attacks” on the site of a Swiss security researcher and the threats toward a number of US companies. In the first case, the attackers demanded a ransom of 5 Bitcoins (approximately 20 000 USD), saying that if the money doesn’t get paid, the website would go down for two weeks. The second instance was similar, only the demanded sum was higher (100 Bitcoins) and the period of DDoS was shorter (one week). The hackers who made threatened to hack into the servers of the US companies claimed that they are the online group known as Anonymous. However, this was proven to be false – the hacker group responsible for those threats has made similar attempts towards South Korean banks, going under a different name.
Most extortion attempts have no leverage
Most cyber-crooks who seek to extort money from users by threatening them over the users’ personal data are bluffing. Surely, there are instances when the hacker would indeed have leverage but this is more of an exception. Besides, it isn’t that difficult to tell when you are actually in danger of having your data stolen, locked or made public. Therefore, we strongly advise our readers to never make the rash decision of making any ransom payments unless there is something to suggest that the threat is real. Furthermore, even in instances where the criminal does actually have something on you, paying the money should only be done if it is absolutely necessary. Remember that agreeing to make such ransom payments is bond to encourage those web hackers to keep on terrorizing people with their illegal agendas in future.