Nasty sextortion scams can now infect you with ransomware

December 11, 2018


Do you remember that scary sextortion scheme that’s been going around? It’s an email that claims that someone has installed malware onto a porn site (yet again!) that you have visited and with some unknown “software magic,” they have video evidence of your “private” moments.

It’s just another good old blackmail/online extortion scheme that tries to scare you into ponying up your hard-earned cash to these cyber scammers. It’s pretty far-fetched but people are actually getting duped.

New variations to this “sextortion” scam are constantly being added to make it more convincing. Your email addresses, old passwords, your name – but don’t be fooled! They’re just ways for these scammers to scare you into giving in to their demands.

Now, it looks like this nasty sextortion scam has become more dangerous. It is now loaded with ransomware! Don’t be their next victim. Read on and learn how to spot sextortion scams from a mile away.

Sextortion scam has a new twist

Have you ever received any of these scary emails? These sextortion scams keep on evolving as crooks keep on adding details to make them more convincing.

First, they started with just your email address. Next, with the help of information acquired from data leaks, they started adding real names, old passwords and phone numbers, too.

Now, beyond mere blackmail, they’ve added another dangerous ingredient to their stew of malicious intent – a link that leads to ransomware!

The scam emails have varying content but they all share these common characteristics:

Cybersecurity firm Proofpoint spotted the latest ransomware-laden variation of the sextortion email. Instead of a cryptocurrency address for payment, the message now has an embedded link that leads to ransomware.

Beware! This sextortion/ransomware campaign is now primarily active in the United States with thousands of sent emails already detected.

Check out the image below for a screenshot of the sextortion email.

Image credit: Proofpoint

Based on the contents of the email, these scammers are trying to scare their victims yet again by including their email addresses. The email then provides a link that’s supposed to be a web address that hosts the video evidence of the target’s alleged porn activity.

But alas, the link will only download a ZIP file loaded with malicious software called AZORult, which in turn will download and install the GandCrab ransomware.

If you receive this type of sextortion email, be careful and never click the link! Even if you’ve spotted the scam and you have no plans on paying the extortion fee, following the link will lead to a GandCrab infection.
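If you filter mail for a family or a small office, here is one way to tell the two variants described above apart: the older payment demand and the newer one where a link replaces the wallet address. This is an added example, not code from Proofpoint or from this article; the keyword list, the sample messages and the wallet string are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
# Shape check only for legacy (1.../3...) and bech32 (bc1...) Bitcoin addresses.
BTC_RE = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,59})\b")
# Assumed wording for the "video evidence" claim; tune against real samples.
CLAIM_RE = re.compile(r"\b(video|webcam|recorded|footage)\b", re.I)

def triage(raw):
    """Return (verdict, signals) for one raw RFC 5322 message string."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    to_headers = [str(h) for h in msg.get_all("To", [])]
    rcpts = [addr.lower() for _, addr in getaddresses(to_headers) if addr]
    urls = URL_RE.findall(body)
    # Strip URLs first so a long path segment is not mistaken for a wallet.
    wallet = bool(BTC_RE.search(URL_RE.sub(" ", body)))
    signals = {
        "recipient_in_body": any(r in body.lower() for r in rcpts),
        "video_claim": bool(CLAIM_RE.search(body)),
        "wallet_address": wallet,
        "urls": urls,
    }
    lure = signals["recipient_in_body"] and signals["video_claim"]
    if lure and urls and not wallet:
        verdict = "link-lure"        # link replaces the wallet: quarantine, do not open
    elif lure and wallet:
        verdict = "payment-demand"   # older variant: extortion only
    else:
        verdict = "no-match"
    return verdict, signals

# Constructed samples (not real campaign mail; the wallet string is made up).
FAKE_WALLET = "1" + "B" * 33
LINK_SAMPLE = (
    "From: sender@example.invalid\nTo: alex@example.com\nSubject: alex@example.com\n\n"
    "alex@example.com, I recorded a video of you. View it here: "
    "http://files.example.invalid/evidence.zip\n"
)
PAY_SAMPLE = (
    "From: sender@example.invalid\nTo: alex@example.com\nSubject: notice\n\n"
    "alex@example.com, I have webcam footage. Send payment to " + FAKE_WALLET + "\n"
)

if __name__ == "__main__":
    for name, raw in (("link", LINK_SAMPLE), ("pay", PAY_SAMPLE)):
        print(name, triage(raw)[0])
```

A "link-lure" verdict is the one to quarantine without opening, since in this campaign the link itself delivers the malware.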

GandCrab

GandCrab ransomware is nothing new but this is the first known instance it’s used within sextortion scams. It was first seen by Malwarebytes researchers on Jan. 26.

Once installed, GandCrab is just like any other ransomware. It locks Windows files using RSA encryption and it displays a ransom note demanding payment for the “GandCrab Decryptor” needed for unlocking the files.

In this case, this GandCrab instance demands a payment of $500 worth of Bitcoin or the lesser known cryptocurrency called Dash.

Image Credit: Proofpoint

Click here for Proofpoint’s full report.

How to protect yourself from sextortion scams and GandCrab

Unfortunately, if you do get infected with GandCrab, there are currently no free decryption keys available, so prevention is your best defense.

Like I mentioned, always keep all your software updated. This includes the latest patches for your web browsers, plugins, operating system and software.

Don’t pay the ransom!

If you receive any threatening emails of this sort, please don’t give in by paying the ransom!

A quick web search reveals that the sextortion scam is getting popular lately. There may be variations in the words and the ransom amount but the M.O. is still the same – they claim to have video proof of your porn website excursions and they will release the video if you don’t pay the bitcoin amount.

In the words of Admiral Ackbar, “IT’S A TRAP!”

But just in case …

Another great insurance policy against ransomware is a good online backup solution! With the threat of ransomware constantly looming, a reliable backup will always give you the peace of mind you need. We recommend our sponsor IDrive for all your Cloud backup needs!

With IDrive, you can back up all your PCs, Macs and mobile devices into ONE account for one low cost! Go to IDrive.com and use promo code Kim to receive an exclusive offer.

https://www.komando.com/news/new-sextortion-scam/