Proofpoint, a cybersecurity firm, has discovered a sextortion scam that targets US residents and includes a link in the email pointing to a ransomware installer.
Compared with other sextortion campaigns, this scam alleges that it has information gathered over months and compiled in a video. However, when victims click on the link to verify whether they were actually secretly recorded, they end up installing the ransomware “GandCrab”.
Once the user installs the ransomware, a payment of $500 is demanded in Bitcoin or Dash. The ransomware was discovered in January 2018 and is the first ransomware to extort payment in Dash.
For the first time this week, we observed a sextortion campaign that also includes a link to #ransomware with #SocialEngineering designed to extort money from recipients. https://t.co/Fol821L2wU pic.twitter.com/PGo9FZfu2p
— Proofpoint (@proofpoint) December 7, 2018
Proofpoint researchers say that the cybercriminals are counting on the fears of panic-stricken victims, who will not think twice about clicking on these links.
“This particular attack combines multiple layers of social engineering as vulnerable, frightened recipients are tricked into clicking the link to determine whether the sender actually has evidence of illicit activity,” the cybersecurity researchers wrote in a blog post.
Proofpoint researchers also found that the criminals are increasing their chances of making money if the sextortion attempt fails. For instance, the ransomware is installed and the device locked only when victims try to view the supposed evidence. The victims are then asked for a ransom again, this time to unlock the device.
Spreading False Claims
Although the ransomware creators claim to have victims' credentials, this is not the reality. In one of the emails the attacker claimed to have the password, though this has not yet been determined.
“The supposed password for the potential victim’s email address in this case appears to be the same as the email account. Therefore, in this case it may simply be a bluff and the attacker does not actually possess the victim’s password.”
It is claimed that in a span of just two months since its discovery, GandCrab has extorted US$600,000 from more than 50,000 victims, mostly in the United Kingdom, the United States, and Scandinavia.