Ransomware is not the only form of online extortion a victim can face. The FBI’s Crime Complaint Center (IC3) has just released a public alert concerning an increase in post-breach extortion attempts. The attacks are aimed at US citizens whose personal details were exposed in the recent mega data breaches. Crooks are demanding 2-5 Bitcoins in exchange for their “silence”.
According to the Federal Bureau, cyber criminals are now using the leaked personal data against its owners by sending them aggressive emails.
Post-Breach Extortion: 2-5 Bitcoins, Or We Will Release Your PII
The amount of money demanded by cyber blackmailers is more than what typical ransomware asks for. 2-5 Bitcoins is somewhere between $500 and $2,500, a considerable amount of money. Besides threatening to release leaked user data, crooks also threaten to expose intimidating information and share it on social media channels.
Recent Data Breaches at Fault for Extortion, but Who Else?
All of these recent data incidents (LinkedIn, Myspace, Tumblr, Fling) took place several years ago, but their consequences are only beginning to surface today. Furthermore, affected parties systematically fail to warn their users or to take matters into their own hands as quickly as possible. Both governments and security vendors should do their best to forecast all possible outcomes of data breaches. Legal entities should also provide assistance in the fight against cybercrime and its ever-changing models of extorting money and resources.
Besides the public and social media services that are now on the mega-breach list, voter databases containing records of citizens from the US, Mexico, Turkey, and the Philippines have also been dumped online, Softpedia points out. This is not the first time post-breach extortion of this sort has taken place. Last year’s Ashley Madison hack also led to similar blackmail events.
Here are examples of extortion emails provided by the FBI:
If you think this amount is too high, consider how expensive a divorce lawyer is. If you are already divorced then I suggest you think about how this information may impact any ongoing court proceedings. If you are no longer in a committed relationship then think about how this information may affect your social standing amongst family and friends.
Unfortunately your data was leaked in a recent corporate hack and I now have your information. I have also used your user profile to find your social media accounts. Using this I can now message all of your friends and family members.
We have some bad news and good news for you. First, the bad news, we have prepared a letter to be mailed to the following address that details all of your activities including your profile information, your login activity, and credit card transactions. Now for the good news, you can easily stop this letter from being mailed by sending 2 bitcoins to the following address.