Posted on February 5, 2020 at 8:36 AM
Last week, waves of extortion attacks hit several users whose accounts were exposed in the Ashley Madison breach.
It’s been close to 5 years since the highly publicized Ashley Madison data extortion. But last week, a new extortion attack started targeting hundreds of affected users.
In 2015, about 32 million user accounts of the adultery dating site were hacked and released online, including credit card information, phone numbers, passwords, names, and other information.
Several months after the attack, holders of these accounts were being extorted through a series of attacks, from spam emails to credit card scams. Just when the attacks and extortion seemed to have stopped, a recent report by researchers at Vade Secure suggests these hackers are still extorting Ashley Madison victims.
According to security researchers at Kaspersky, hackers are still targeting these scam victims 5 years after their Ashley Madison accounts were hacked.
Hackers using a highly-personalized format
The researchers have discovered that some hackers are still using the breached data from the Ashley Madison hack to exploit victims of the attack. This time, the extortion arrives as targeted and highly personalized emails.
Within the last week, Vade Secure has discovered many samples of the extortion email used by these attackers. Although the hacked Ashley Madison accounts belong to users from several countries, the attackers have concentrated on India, Australia, and the United States.
In a post on Friday last week, researcher Ed Hadley at Vade Secure said that there may be many more such emails in the next few weeks, given that about 32 million accounts were exposed during the Ashley Madison breach. It means that the attackers would have more email addresses at which they could launch their attacks.
Victims receiving email threats to expose their illicit affairs
The core of the email is a threat to expose the affairs those victims were having with fellow users on the Ashley Madison platform. Some are already victims of the extortion, as the attackers promise to reveal embarrassing conversations and data to their spouse or partner. They threaten to reveal the victims' illicit secrets to family and friends if they fail to give in to the financial demands.
Bitcoin used as a payment method
Situations like this are one of the reasons why many people frown on the use of bitcoin as a payment method or currency. To prevent any trace back to them, the attackers are asking the victims to make the extortion payment via Bitcoin. In the example in the researcher’s possession, the attackers are requesting a total amount of $1,059, which is equivalent to 0.1188 Bitcoin.
There is also a QR code in the PDF file so that victims using a compatible mobile payment solution can easily make the payment after scanning the code.
Although the attackers tell the victims that the QR code is another payment option for those who don’t want to type the address, researchers say it is actually used for something else. They said the code is a phishing method that is generally used to avoid detection by sandboxing or URL scanning technologies.
And just like other types of scam and phishing emails, the attacker adds a sense of urgency to the email and sets a six-day deadline for the victim to make payment or risk exposure.
Extortion likely to continue for a long time
Sextortion scams are one of the easiest ways for scammers to make money from their victims. They are very common among scammers because such payments by the victims may be difficult to deny. After all, the payment is authorized by the account owner.
The attackers are even smarter with their methods of avoiding detection. They are upgrading their scare tactics and using different distribution methods to make sure they receive their payments without any traces back to them, according to the researchers.
But this attack is a unique one and may continue long after this year. The 32 million stolen user account details are a huge data set, and the hackers are unlikely to exhaust them within a short time. The researchers said hackers would continue exploiting victims, and many may be exploited more than once, especially the victims who want to keep their secrets at all costs.