‘Sextortion’ botnet is sending 30,000 emails an hour that threaten to release private videos of millions of victims unless they pay $800
- A network of hijacked computers has been sending ‘sextortion’ emails en masse
- Researchers say the 450,000 computers were sending 30,000 emails an hour
- Emails alleged to have nude videos of victims and demanded a Bitcoin ransom
- Up to 27 million users were sent emails in just one wave
Hackers running a ‘sextoration’ scheme are sending 30,000 emails every hour to demand $800 from victims or they will release private videos of them.
They have taken control of 450,000 computers to send the emails to millions of people in what’s known as a botnet.
The hackers threaten to release a nude video unless the victims pay a ransom in Bitcoin – an untraceable cryptocurrency that has become a favorite among online extortionists.
The threatening emails often also contain personal data about the victims, including passwords that have been culled from databases of leaked credentials online.
Above is an example of an email sent by the hackers provided by Check Point Security
Those databases are filled with addresses and passwords leaked by past data breaches of other companies and include, in some cases, both emails and passwords.
Researchers at Check Point Security who uncovered the scheme say that one campaign launched by the network reached a grand total of 27 million users.
While most of the bot-net’s victims managed not to fall prey to the scam, with only about 150 victims actually paying out, researchers say the network pulled in $110,000 (about 14 Bitcoin) in a five-month span, largely because the volume of users being hit with emails was so high.
‘Sextortion’ emails involve black mailing victims by claiming to have their private videos, of a sexual nature, unless they pay a ransom
‘This may not sound like a lot, but for a low maintenance operation requiring only a large credentials list and the occasional wallet replacement, this generates $22,000 per month,’ writes Check Point.
The group responsible for the attacks has been identified by researchers as Phorpiex, which engages in several similar types of schemes.
Phorpiex’s method of hijacking computers to export blackmail en masse helps the group to remain undetected, since they’re able to send thousands of emails from many computers instead of just one machine that would likely be flagged as spam.
‘Sextortion’ scams like the one launched by Phorpiex have seen a dramatic rise in recent years with the FBI’s Internet Crime Complaint Center.
In 2018, the arm reported a 242 percent rise in the number of extortion emails with most of them being of the ‘sextortion’ variety.