Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

First There Was “Sextortion” – Now There’s “Breachstortion”

June 16, 2020

Ah, the language of this brave new world.

Sextortion is where the cybercriminals send you an email claiming to have a video of you watching porn because they put malware on your computer and filmed you. They demand money or say they'll send the video to your family and friends. Usually the amount is around $2000 payable via Bitcoin to a cryptocoin wallet specified in the email. There really is no video but some people pay out of fear (we've had those calls from lawyer friends). A SophosLabs report in 2020 says you can make $100,000 a month this way.

As reported by Naked Security, the sextortion criminals are now turning to "breachstortion." Instead of claiming that they have a video of you, they now claim to have hacked your website and taken your data.

Incidentally, as you probably know, ransomware crooks are no longer just encrypting your data and demanding that you pay up to get it back. They now hit you twice by stealing your data and then encrypting it. Now there are two reasons (and sometimes two prices) to pay them – to get the decryption key and to get their word (you always believe criminals, right?) that they've destroyed your data.

The "breachstortion" crooks are copying this data breach-based approach, except that they haven't actually hacked your network or your computer at all. They are just lying and hope you will believe them and pay. The note might look something like this:

"Subject: Your Site Has Been Hacked

PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!

We have hacked your website [URL REDACTED] and extracted your databases.

How did this happen?

Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server.

What does this mean?

We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your [URL REDACTED] was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets."

Then they might give you, say, five days to send some cryptocurrency to a Bitcoin wallet given in the email. They might demand $1500-$2000. There are no email or website contact details in the message – the crooks tell you not to bother replying to the email at all, and there's no website where you can trace your payment and see whether they've received the money. Terrific, huh?

When ransomware crooks strike, you know what just happened – the ransom demand typically ends up saved in a file right there on your desktop. Not here, because there was no attack other than the extortion email. They count on your believing them and forking over the money. And some people will.

There is no end to the skullduggery of cybercriminals. But now you know what to look for and hopefully won't be fooled into paying up!

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225 | Fairfax, VA 22030
Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson