I Received a Blackmail Email with My Password Included - What Do I Do Now?

Sextortion Emails Distribute Ransomware

Online sextortion scams are not exactly a recent phenomenon, and it's fair to say that no two are exactly the same. The schemes range from simple to extremely elaborate, and in some cases, the crooks tend to be especially audacious. Obviously, not all of them work, but in recent months, there has been a sextortion scam that has turned out to be rather successful. And it seems to be evolving.

A proven blackmail technique with an interesting twist

When we talk about cybercrime, we tend to think about teenage computer geeks in hoodies who type very quickly. The truth is many of the crooks that use computers to scam people don't necessarily possess the technical skills to actually hack into a PC. Because of this, they resort to deceit.

They send you an email telling you that after compromising the security of your system, they have extracted an embarrassing browsing history and have filmed some even more embarrassing things with the help of your device's web camera. If you pay them a considerable sum of money, they will leave you alone, but if you don't, the footage will be sent to your close ones.

It's all a hoax, but because (and there's no point arguing about it) not everyone is delighted with the idea of their mother checking out their browsing history or seeing what their webcam has seen, victims have been known to pay the ransom. Several months ago, the scammers added a seemingly small detail to the scenario that made what was already a fairly successful social engineering exercise even more effective.

In July, users began receiving messages that started with something along the lines of "Your password is" followed by one of the user's real passwords. The presence of a genuine password made the phony story of the crooks hacking into victims' computers and filming them watching porn that much more believable. In reality, the scammers got the passwords from databases that had been leaked during various data breaches, but many victims failed to realize this, and in a matter of less than a month, they collectively paid the fraudsters a whopping $250 thousand.

A quarter of a million dollars in exchange for threatening people to expose a nonexistent video doesn't seem like a bad deal, but the crooks clearly think that they can do even better.

Adding ransomware into the mix

The success of this particular sextortion scam attracted a lot of mainstream media attention, but unfortunately, this hasn't stopped the crooks from sending out their messages. In fact, they are making them even more convincing and, potentially, more damaging.

The emails are pretty much the same. Your password is still there, and it's followed by the bogus story about stolen browsing history and the hacked web camera. This time, however, the criminals sound like they really mean business. There's a link which will allegedly let you download a PowerPoint presentation that showcases the footage they have of you. Before we continue, we should warn you that if you happen to receive a similar message, you must not click on that link.

Researchers from Proofpoint decided to check what sort of presentation the scammers have, and, not to the greatest of surprises, they found out that there's no presentation at all. The link in the email leads to a ZIP archive containing a sample of the AZORult malware.

AZORult is an information stealer, but in this particular campaign, it is used as a downloader. It contacts the crooks' Command & Control server (C&C) and downloads a sample of the GandCrab ransomware. Within minutes, the victims' files are encrypted, and GandCrab demands $500 to set them free.

It's a dastardly turn for a scam that was already pretty cruel. But do the crooks really think that this will be a more effective way of defrauding people out of their money? Or are they trying to create a second source of income?

The answers to these questions are as yet unknown. They're also somewhat irrelevant to you, the regular user. Instead of wondering about this, you should be thinking about what you can do to protect yourself.

What can you do to stay out of trouble

It would be easy to just tell people that watching porn is bad for them, but we'd prefer not to do that for a couple of reasons. For one, as long as it's within the limits of the law, users are free to do whatever they want with their free time, and saying that they should refrain from a certain type of activity would be of no use to anyone. Second of all, as we established already, the scammers running this particular sextortion campaign don't actually hack your computer through adult websites, so from that particular perspective, your browsing habits are completely irrelevant. Your password management practices, on the other hand, could increase the likelihood of evading the crooks' trap.

Although most of the reported messages contained passwords that were a few years old, the balance in the crooks' cryptocurrency wallets suggests that some of them are still active. It seems that people continue to use the same passwords over and over again and go on without changing their login credentials for years on end. As we've mentioned on these pages, not everyone agrees whether or not regularly changing passwords is such a good idea in this day and age, but it's fair to say that leaving a password unchanged for too long could, at the very least, leave you feeling extremely uncomfortable.

Updating your credentials is important, but it's even more crucial to swap the old passwords, for new, complex, and unique ones that you have never used before. With the help of tools like Cyclonis Password Manager, this shouldn't be a problem at all. To learn more about it, click here.

The threat of ransomware has been around for a lot longer than the scam emails that contain some of your passwords, and there really is no excuse for leaving yourself exposed. Up-to-date software, a proper network configuration, and a solid security product are essential factors that should keep ransomware infections away from your system. Should the worst happens, a fresh, working backup of your most valuable information will ensure that the damage is as minimal as possible.

Unfortunately, securing your PC and improving your password hygiene is the easy part. The scammers behind this particular wave of sextortion emails exploit something far more complicated and harder to change – the human psyche. By posing the threat of embarrassing you in front of your loved ones, the crooks trigger an instinctive reaction that is not easy to counter, and when they say that they can prove their claims, even the most skeptical individuals suddenly find themselves questioning their own judgment.

There is no algorithm that is guaranteed to stop you from clicking the malicious link, but if you have sufficient knowledge of how online scams work, you should have a better chance of distinguishing a genuine message from a fraudulent one. Treat unexpected emails with a healthy dose of salt, and try to stay informed about the most prevalent cyberattacks. Social engineering is not an easy thing to fight against, but waving the white flag isn't really an option, either.

December 11, 2018

Leave a Reply

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 7 + 4 ?