In 2015, Ashley Madison, an affair-dating website was attacked exposing a bunch of user information. Interestingly, cybercriminals have revisited the incident and used the exposed information to extort money from the victims using different methods including blackmailing. This has caused fear as victims of other data breaches may still have their exposed personal information in possession of hackers.
These obtained data are mainly used to stage targeted phishing attacks, identity theft or even blackmail the victims. This explains why cybersecurity should be treated with all seriousness as you cannot afford to lose sensitive data to hackers or cybercriminals. They may use them against you sooner or later.
Image Source: www.armytimes.com
An email security company Vade Secure uncovered this new trick by cybercriminals and realized that the information used in the targeted email crime was the exposed information in the Ashley Madison breach. It was discovered that the criminals had access to extensive information on the targets aside from their email addresses. They used the information at their disposal such as: when they signed up on the Ashley Madison websites, their emails, and their interests as entered. The information used by the criminals is enough to convince the targets that they really mean business.
This is a bit different from the popular email scam use by cybercriminals to forge something that cast fear on their targets to extort fund. In this kind of trick, they broadcast a message trying to convince their targets that they have compromised their computers, and have obtained a video of them making love with someone or masturbating. They then threaten the target to send a quoted amount in Bitcoin as ransom or have their embarrassing videos sent to their contacts. This kind of email is sent to a bunch of people with the idea that they may get at least 1 person to fall for the trick.
In 2015, a hacker group identified as Impact Team broke into the Ashley Madison website and went away with 60 Gigabytes of personal information of users. The stolen information was later released to the public according to a report. This was a serious issue as the website is known for its matchmaking service for committed or married people who wants to have an affair. Interestingly, an analysis revealed that only 1% of the registered female users belonged to an active user. This forced the hacker group to embark on this campaign as a punishment for using bots to deceive men as real women. The website suffered severe damages. In addition, three suicide cases were linked to the Ashley Madison data leak with two cases recorded in Canada and 1 case recorded in the US.
Adrien Gendre, the Chief Product Officer of the Vade Secure said that this incident is a cause for concern as most of the affected individuals used corporate and government email addresses. In addition, this campaign appears to be more precise as the cybercriminals stick to the particular information used by the subscribers of the Ashley Madison website to launch a targeted email attack. It was discovered that the email asks the victims to make a payment of $1000 in Bitcoin to a provided wallet addresses if they want them to remain silent.
It is possible that some of the targets have already paid the ransom to ensure that the cybercriminals do not let the cat out of the bag since most of them use corporate email addresses. In one of their messages, they made reference to a chat made by the victim and even quoted the exact date a reply was made. These are done to prove that they have access to all the sensitive chats that can damage their reputation.
Image Source: www.businessinsider.com
Gendre has issued advice to the victims of the 2015 data breach to not fall for the tricks. According to him, victims should never reach an agreement with the cybercriminals to pay any rate as they are not even sure whether they will really spend the time to release the information as they claim.
Most people cannot afford to have their information and activities release to the public, but it is worth noting that there is no guarantee that information at their disposal would be deleted after paying the amount as demanded.
The worse scenario is that they may attack again after meeting the ransom demand of the cybercriminals. It is never worth it to spend time to reach an agreement with cybercriminals who blackmails you with your sensitive information. You cannot trust them to get rid of your information even after paying the requested amount. It is important to contact professionals for any help to get out of the trap of the blackmailers.
Disclaimer: Darkweblink.com does not promote or endorse claims that have been made by any parties in this article. The information provided here is for the general purpose only and unintended to promote or support purchasing and/or selling of any products and services or serve as a recommendation in the involvement of doing so. Neither Darkweblink.com nor any member is responsible directly or indirectly for any loss or damage caused or alleged to be caused by or in relation to the reliance on or usage of any content, goods or services mentioned in this article.