eScan studies loss through Extortion spam mails

To study the criminals' modus operandi, eScan's research team has been analyzing and tracking the emails and, most importantly, the Bitcoin addresses found in these spam mails. They found that the criminals were creating a fresh Bitcoin address for every spam campaign, which makes the address a natural key for grouping mails into campaigns.

Although Bitcoin's price has been highly volatile over the past few years, the research says this has not deterred the criminals from collecting in Bitcoin. According to eScan researchers, “When we talk about extortion, we have seen the emergence and effectiveness of Ransomware using Bitcoins and other forms of crypto-currencies. We have also seen Crypto-Currency Miner (sic. Monero) being deployed on hacked servers/systems, so as to take advantage of the computational resources and generate crypto-currencies. However, lately, we have seen a rising trend in extortion emails, asking for Bitcoins.”

Organizations should deploy MailScan at the gateway level for mail servers to contain the spread of suspicious attachments, the eScan study advises. Note that the extortion mails described here are plain text with no attachment, so gateway filtering has to key on the mail content itself rather than on an attachment.

These spam mails are plain text and claim that malware was planted on an adult site the recipient visited. The mail then briefly explains how the recipient's webcam was supposedly hacked, a keylogger deployed and login credentials stolen, and claims that a video was captured while the recipient was busy visiting the adult site. The recipient is then threatened with dire consequences, namely that the video will be shared with everyone in the stolen address book.
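To make the address-tracking step concrete (the per-campaign Bitcoin addresses mentioned above, and the lure wording described in this paragraph), here is an added Python example; it is not eScan's code. It pulls candidate Bitcoin addresses out of plain-text mail bodies, verifies the Base58Check checksum so that mangled or look-alike strings are not counted, flags bodies that carry the sextortion lure terms, and groups the valid addresses by campaign. The mail bodies and campaign labels are constructed, the lure-term list is an assumption drawn from the wording the article describes, and the single address used is the public genesis-block address, included only because its checksum is valid; a copy with its last character changed shows a rejection. Only legacy 1... and 3... addresses are handled, not bech32 (bc1...).

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample mail bodies, tagged with an assumed campaign label
# (not eScan data). The address is the public genesis-block address, used
# only because its checksum is valid; campaign-B carries the same string
# with its last character changed, so the checksum check rejects it.
SAMPLE_MAILS = [
    ("campaign-A", "I placed malware on the adult porn site you visited and "
                   "recorded a video through your webcam. Send 0.5 BTC to "
                   "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa within 24 hours or the "
                   "video goes to everyone in your address book."),
    ("campaign-A", "My keylogger has your passwords and your webcam was hacked. "
                   "Pay 0.3 BTC to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"),
    ("campaign-B", "Keylogger captured your password. Wallet: "
                   "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb"),
    ("campaign-C", "Monthly newsletter: no payment requested here."),
]

_B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy P2PKH ("1...") and P2SH ("3...") addresses are 26-35 Base58 characters.
ADDR_RE = re.compile(r"\b[13][" + _B58 + r"]{25,34}\b")

# Assumed lure vocabulary, taken from the wording the article describes.
LURE_TERMS = ("webcam", "keylogger", "adult", "porn", "video", "address book")


def b58check_valid(addr: str) -> bool:
    """Base58Check validation: decode and verify the double-SHA256 checksum."""
    n = 0
    for ch in addr:
        idx = _B58.find(ch)
        if idx < 0:
            return False
        n = n * 58 + idx
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    # Each leading '1' stands for a leading zero byte (e.g. the 0x00 P2PKH version byte).
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + raw
    if len(raw) != 25:  # 1 version byte + 20-byte hash + 4-byte checksum
        return False
    payload, checksum = raw[:21], raw[21:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


def extract_addresses(text: str):
    """Split regex hits into checksum-valid addresses and rejected look-alikes."""
    valid, rejected = [], []
    for match in ADDR_RE.finditer(text):
        cand = match.group(0)
        (valid if b58check_valid(cand) else rejected).append(cand)
    return valid, rejected


def is_sextortion_lure(text: str) -> bool:
    """Flag a body that names at least two lure terms and carries a payment address."""
    low = text.lower()
    hits = sum(1 for term in LURE_TERMS if term in low)
    return hits >= 2 and ADDR_RE.search(text) is not None


def addresses_by_campaign(mails):
    """Map each campaign label to the set of valid addresses seen in its mails."""
    seen = defaultdict(set)
    for campaign, body in mails:
        valid, _ = extract_addresses(body)
        seen[campaign].update(valid)
    return dict(seen)


if __name__ == "__main__":
    for campaign, body in SAMPLE_MAILS:
        valid, rejected = extract_addresses(body)
        print(campaign, "lure" if is_sextortion_lure(body) else "benign", valid, rejected)
    print(addresses_by_campaign(SAMPLE_MAILS))
```

The checksum step matters in practice: a regex alone will happily match random Base58-looking tokens, and a single mistyped character in a real address is rejected by the Base58Check double-SHA256, so only addresses that could actually receive funds end up in the per-campaign sets.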

Like ransomware and miner attacks, this scam relies on the anonymity offered by crypto-currencies. It is a simple plain-text threat built on the premise that the recipient has visited some porn site, and in most cases the criminals have successfully played on the fear and social stigma in the recipient's mind.

If the recipient does pay the extortion amount, the BTC is split and transferred to multiple Bitcoin wallets so that researchers find it difficult to follow the transactions. The split-and-transfer step is repeated a couple of times, so that by the end of the third iteration there are close to 100 BTC wallets. Finally, all these wallets are consolidated and the BTC transferred to one single wallet.

During the course of the research, the eScan team realised that although the Bitcoin ledger is public, so the splitting and consolidation of the funds can be followed, the pseudonymous addresses give no way to establish the identity of the wallet owner. Since August 2018 there has been a steady increase in these extortion spam mails.

According to eScan researchers, these mails are part of a spam campaign, and they advise that recipients should not reply to them. However, since the campaign is in its nascent stages, there is a possibility that in the near future the spam mails will be weaponized in the usual way, with malicious attachments or links.