Sextortionist wants your money - and has your password - a sextortion story

Sextortion is back – now with ransomware and trojans

How would you feel if you got a mail telling you that someone had been recording you while you were having fun surfing porn pages? Probably not all that great.

By now you should already know that it is all a scam, though: those pesky mails that want to make you believe that you’ve been watched are a lie from beginning to end.

Instead of Bitcoins, it’s now ransomware and trojans

You probably know the story by now: you receive a mail that claims you have been watched and recorded, and that tells you to pay up in bitcoins so that the video will not be released. The scheme was rather successful, with the scammers making around 50 000 dollars a week.

Now they are trying something new, though, to get even more money out of their unsuspecting and panicking victims. The mail starts as usual and tries to trick the recipient into believing that someone was actually recording them. This is achieved by including a password associated with an account and mail address (both most likely obtained from earlier breaches), and random other information.

Image: Proofpoint

On top of that, the mails now also include a URL that supposedly leads to the video in question, but of course it does not, since there never was one to begin with. According to Proofpoint, it does however lead to the AZORult stealer malware, which, in turn, installs GandCrab ransomware. You can probably imagine how that story will end.

It’s not real – DO NOT CLICK!

Most people, of course, would not fall for a sextortion mail like the one above, even if they were visiting porn pages. Still, to some, all this information in the mail looks very convincing and gives the whole story a kind of gravity that could push some very scared individuals to actually pay up.

DON’T! Your secret is still safe. Your friends / spouse / boyfriend / girlfriend / parents will never know what you did. While the information is probably yours and real, the cybercriminal most likely got it from some old data breach, together with the email address and probably some other data.


PR & Social Media Manager @ Avira |Gamer. Geek. Tech addict.