New sextortion scam delivers Azorult data-stealer and GandCrab ransomware

Among the myriad online scams, the so-called “sextortion” scams can be considered one of the scariest kind for victims due to the personal ramifications of such an attack. The scammers in such cases typically blackmail victims, threatening to expose incriminating evidence of illicit activities.

Usually, these scammers demand their victims to pay a certain amount of money to avoid the release of whatever compromising evidence they hold. However, one such recent scam observed by the researchers at Proofpoint is using a different technique. In this case, the scammers also attached links to the AZORult stealer which leads to infection by the GandCrab ransomware.

What are the most common sextortion tactics?

Typical sextortion scams do not include any links or attachments. Proofpoint researchers listed the key elements present in the emails sent by the scammers in sextortion scams which include:

• An initial statement informing the target that their computer has been compromised by some form of spyware.
• To add more credibility to the email, the scammers might also include the password of the victim’s email account or other personal information relating to the victim’s family members, their occupation, etc.
• A ransom demand, typically deposited in a Bitcoin wallet.

New scam drops ransomware

Proofpoint researchers observed a new sextortion scam on December 5, which primarily targeted victims in the US. In the email, the scammers include a URL link claiming to show the victims a video of their compromising activities captured from their computer. However, this link actually redirects victims to the AZORult malware, which then installs a version of the GandCrab ransomware.

Since victims are quite vulnerable to such scams, they are likely to inadvertently click on the link to check the validity of the threat. This scam proves to be a unique example of a cyber scam using social engineering techniques.

The password of a victim’s email account, in this case, is the same as their email address. This indicates that the scammers might not actually possess victims’ passwords and might instead, be bluffing.

Once a victim clicks on the link in the email, the scammers demand a $500 payment in Bitcoin or DASH.

How to respond to such a scam?

For anyone who receives such sextortion emails, the researchers advise:

• Do not directly believe the claims made in the email about the sender having compromising evidence.
• Do not open any links or attachments included in the email.

2018 has already witnessed several other sextortion scams, including one campaign reported by Brian Krebs, which is believed to have netted half a million dollars, Motherboard reported. Such scams continue to prey on the common insecurities and fears of people resulting in constant menace for anyone active online.