A new sextortion scheme that is making the rounds is believed to be making use of an old data breach. The scheme threatens to release compromising information if a $2,000 ransom isn’t paid within 24 hours. The wording of the message being sent to victims is unusual, indicating that the threat actor behind the messages likely does not speak English as their first language. They claim to have spyware on the victim’s machine and have access to their Facebook contacts, phone contacts, and their online activity going back 178 days. One of the recipients of the message stated that the only details about them the actors got right was their email address. It is believed that the email came from the Ashley Madison breach which took place back in 2015.
Analyst Notes
Sextortion emails are nothing new, nor is the idea of utilizing the Ashley Madison breach to do so. Following the Ashley Madison breach, there was a significant increase in sextortion attempts as the breach compromised so much personal data of an “adult” nature. If the Ashley Madison breach is being used as the data source behind the recent sextortion scheme, as it is currently assessed, the risk to businesses and government organizations of falling into the crosshairs of this campaign is elevated. The Ashley Madison breach contained a significantly large number of corporate and “.gov” email addresses. This particular scheme seems to be focused more on extorting a quick cash payment from individual victims, rather than threatening companies. Shortly after the release of the Ashley Madison data, many of the compromised corporate emails saw an increase in emails requesting the victims to click a malicious link or risk having their information from the site sent to friends and family members. The victim of this scheme who has spoken publicly has stated that they chose to not pay the ransom because the actors had such poor data to back up their claims and as they expected, the victim saw no follow-up activity from the sextortionist. This means that they likely had little more than an email obtained from the Ashley Madison breach and hoped the victim’s fear would be enough to force payment. More information on this incident can be found at https://www.zdnet.com/article/new-sextortion-threat-making-the-rounds/