Online extortion, may it be ransomware like cryptolocker, or extorting people with damaging data like Ashley Madision, is certainly one way criminals try to use to make a living. Many of these attempts go unreported, and I expect that they are also often ignored by the individuals receiving these emails. As an example, one of our readers sent us an Ashley Madison extortion attempt.
The individual forwarding us the extortion emails received multiple e-mails. All appear to originate from the same group. The "From:" addresses for all of the emails use the ".xyz" top level domain and similar subject lines as well as bodies.
Interestingly, the amount being extorted varies from e-mail to e-mail between 1 BTC and 5 BTC. The e-mails note two different Bitcoin addresses. For Bitcoin transactions, it is pretty easy to figure out how many Bitcoins were transferred to any particular address. All transactions are registered in the blockchain, and sites like blockchain.info allow you to search the blockchain for a particular transaction. In this case, it certainly looks like the miscreant was paid. One of the addresses received two transactions of 1 BTC each, and the other one a total of 9 BTCs in several transactions ranging from 1 to 3 BTC.
So the short lesson: crime pays. If we assume that all these transactions are due to these extortion emails (and the amounts match what was asked for), then these emails made at least 11 BTC or $2,700 . It is likely that this individual or group uses multiple bitcoin addresses. Sadly, the victim in this case paid for nothing. Since the data is already public, many others could follow with similar extortion requests.
In this particular case, the attacker makes the threat more "real" but claiming that they found the victim's Facebook page and they threaten to share the information with the victim's Facebook friends and possibly employer. They then advice the victim to change the Facebook privacy settings to prevent others from doing the same.
Here is the full text of the e-mail (I removed the bitcoin address as it may link to the person forwarding us the e-mail):
Intrusion Detection In-Depth - SANS London October 2021
Oct 7th 2015
|Thread locked Subscribe||
Oct 7th 2015
5 years ago