Altcoin News: Crypto Extortion Using Botnets Is Growing

October 23, 2019, by Marko Vidrih on ALTCOIN MAGAZINE


According to researchers, criminals are increasingly using botnets to send emails demanding a ransom in cryptocurrency in exchange for not releasing compromising information about the victim.

At the Advance in Financial Technology conference last week in Zurich, a team of researchers from the Austrian Institute of Technology and experts from security service provider GoSecure demonstrated examples of such emails and said that the extortion process is usually easy and very profitable.

Using publicly available hacking data, the researchers found that one instance of the popular Necurs botnet launched over 80 campaigns and sent out 4.3 million emails. The experts examined these emails and found that in almost all cases, the criminals did not actually have compromising information about the victims.

The researchers said the botnet was surprisingly profitable: renting it for $10,000 a month, extortionists earned at least $130,000. Masarah Paquet-Clouston of GoSecure noted that such campaigns are incredibly simple compared to most other schemes.

“If you look at traditional [product] spam, it’s much more complicated … [crypto] extortion spam is much simpler,” Paquet-Clouston said.

The examples presented by the researchers are emails informing the victim that the hacker will reveal compromising personal information unless the victim pays a ransom in cryptocurrency in a timely manner. For example, in one email, the hackers claim to have monitored the victim’s computer using malware:

“Hello! As you may have noticed, I sent you an email from your account. This means that I have full access to your account. I’ve been watching you for a few months now. The fact is that you were infected with malware through an adult site that you visited.”

Tracking Bitcoin addresses and the languages used in the emails allowed the researchers to better understand how the botnets work. For example, the fraudsters levied higher ransoms on certain nationalities: the ransom demanded from native English speakers averaged about $745, compared to about $249 on average demanded from Hispanic victims.

The botnet reused Bitcoin addresses more than 3 million times, and the researchers suggested that this was done to simplify payments. Only 0.135% of the Bitcoins received by the criminals could be traced to publicly verified wallets on exchanges, which indicates the use of CoinJoins and other methods of masking transactions before the funds are withdrawn to fiat currencies.

According to the researchers, along with Bitcoin, extortionists also often use Litecoin. Surprisingly, “anonymous” cryptocurrencies such as Monero and Zcash are used by fraudsters much less often.

Extortion involving cryptocurrencies has long been popular with scammers. Typically, criminals use cryptographic viruses to attack victims’ computers and then demand a ransom in cryptocurrency to decrypt the files.

In the summer of this year, the small American city of Lake City was attacked by a cryptographic virus, as a result of which the authorities had to transfer 42 BTC to the extortionists.
