Crypto-based extortion, which is basically the process of using spam flinging botnet armies to run some dirty pictures and compromising information in exchange for cryptocurrency, has turned virtual crime into child’s play. While speaking this week at the advances and financial technology conference in Zurich an international team, which was made up of researchers coming from the Austrian technology Institute also security provider Gosecure made a move to sample a population of email spam and revealed that the extraction process was quick, easy and very lucrative.
Using public data pack information, the researchers found that a single instance of the popular Necurs botnet could launch over 80 campaigns, and in the 4.3 million emails that underwent the survey by the team, almost all of them were vulnerable. The study estimates that in almost every case, the criminals had no incriminating information concerning their victims.
The team has announced that the botnet was surprisingly lucrative. By acquiring or renting a botnet for about USD 10000 per month, the extortionist could possibly be making at least USD 130000 million. In comparison to major extortion schemes, the spam campaign qualified as genuinely simple probably due to its employment of cryptocurrencies as Goecure’sGoecure’s Masarah Pacquet-Clouston says.
Checking the Bitcoin addresses used and languages, including emails, allowed the researchers to understand further how the botnet units undertook their operations. For example, whoever was behind the botnet charged certain nationalities higher prices than others, with English-speakers topping the list with about USD 745 per recipient as compared to Spanish citizens who had the lowest charges of about USD 249. The botnets reused bitcoin addresses as backed up by similar research that indicated one address was used 3 million times.
The researchers deliberated that address reuse was efficient as it increased the tactics’ simplicity. Other privacy cryptos like monero and zcash were found not to be used heavily. Examples provided in the paper described that an email informing the victim concerning the hacker’s intended release of compromising personal information if bitcoin wasn’t provided in a timely manner was also contained.
For example, one email claimed the hackers were performing surveillance through malware with the email going ahead to say “hello as you may know by now I posted you an email from your account. This shows that I have full access to your account. I have been surveilling you for a some time now. The fact is that you were infected with malware through an adult site that you visited.”
such cases of extortion through cryptos are growing and ever-increasing, with extortionists devising new ways and outfits to advance their trade on unsuspecting innocent victims.