Crypto-Blackmail : a new generation of crooks

Crypto-Blackmail is any sort of illegal transaction that threatens and demands payments from an individual to be sent to a cryptocurrency address. Like the old traditional blackmail, it’s just a ‘pay up or we’ll do something bad to you’ threat.  The big difference is that they now use cryptocurrency as a means of payment instead.

Cybercriminals are launching targeted ransomware attacks and extortion scams to get your data — and your money, but there’s a lot you can do to protect yourself. This is well-organized cybercrime.

Cryptocurrency is labelled as the money of the future. a type Peer-to-Peer Electronic Cash System in which encryption techniques are used to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank. Cryptocurrency has become popular these days and well-known to many people.

Below is a list of the most current discussed cryptocurrencies:

1. Bitcoin
2. Litecoin
3. Ethereum
4. Monero
5. Dogecoin

How Crypto-blackmail scam starts:

A cybercriminal first contacts you via email, threatens and insists that he has some evidence concerning you, such as:

1. You are having an affair and cheated/are still cheating on your wife.
2. There was malware installed on your computer and on opening your web cam, you see obscene videos appearing, that have been captured while you have visited an adult site using key loggers, which permitted them to accomplish such tasks.
3. They have your password of X account and have your entire contact of messenger, social media and email accounts.

Note: Someone may have send these emails to millions of persons, and statically, there is a high probability that loads of people are cheating on their wives. These are all empty threats and not a personally targeted attack. The illusion of one of your accounts password, which is from a breached database, can give you the feeling that this is a personal attack.

For example, of scam emails:

1. We have recorded you watching pornography sites behind your wife’s back. If you do not want these videos released, then you must pay us $1,000 in Bitcoin.
2. You recently logged in to PayPal with the password 123456. We have also recorded you watching pornography and chatting to females behind your wife’s back. If you do not pay us $1,000 in Bitcoin, we will not only release the videos to your wife, but also hack your PayPal.

There have been some instances where the victim’s computer was hacked. For instance, once a computer has been infected by a Trojan Virus or Malware, often acquired by visiting wrong or adult sites or by opening malicious email attachments, as a result cyber criminals can control your computer without your knowledge. But there are also loads of indication that shows that there is nothing alarming more than a scam email, hoping to active porn watchers with false threats.

Personally, I believe that there is nothing alarming in the email that demonstrated that the predator has confidential information about you, there are no details like your name and about the site you are supposed to have visited, nor a screen shot that they are supposed to have captured. Ultimately, the attackers may be able to obtain old passwords of yours and use them to try and scare you. They can do this by infiltrating a site you used a long time ago that had a weak password. Or the attackers can have your password from a breached database whereby all well-known big enterprise databases have been hacked in the past years and these have been sold to black-markets.

How to protect yourselves?

1. Don’t respond to the email or either try to negotiate, just ignore the email and delete it from your email completely. Make sure the email is not even in your Trash. And please don’t pay a petty single coin.
2. If the Cyber Criminal has sent your password, make sure you do not re-use this password to any of your accounts and if you are currently using the password, change it now. Use a strong and unique password. Passwords should be a long one with different characters and alphanumeric, for instance, 2Ef!M3D!@. If you feel there are loads of passwords to be remember, use a password manager to keep all your passwords and also have a strong password to access the password manager. Make sure you change your password every month to prevent any kind of brute force attack.
3. Enable two factor authentications, or Multi-factor authentications, to further secure sensitive email address or other accounts where permissible. You will need to enter a security code each time you will log on to a new device and the code will be sent to your phone number.
4. Secure the computer. We have seen it more in corporate world, where system administrators install latest security updates on the machines. It will be a must for every individual to have the latest security updates on their machines and also have a paid antivirus on the machine so as to receive the latest update to protect us against key loggers and Remote Access Trojan (RAT) 
5. You can even check if your passwords have been ever leaked or compromised using services like ‘Have I Been Pawned?’ It is quite easy to use; you just need to search for a username or email address. The results tell you whether your username or email address has ever appeared in a leaked database.
6. Disable your webcam or buy a web cam cover when not in use.
7. Don’t accept friend request from people you don’t know. Fake profiles are easy to create.
8. Don’t interact with strangers requesting a video call or cybersex.
9. Turn off your computer when you are not using it more importantly.

How to speak to your teen about this issue

1. Parents need not overreact. They need to sit down with their teens and have a very important conversation.
2. Use Media stories about the issues to engage in a conversation with your teen.
3. Seize the opportunity to talk with your teen and explain them the risks.
4. Assure your kids if where they are facing such kinds of situation, you are here to help them.
5. Explain to your kids that extortion is illegal and in Mauritius, there is a fine till Rs 1 million.

On the other side of the same coin, in a corporate world, Crypto-blackmail can have a real impact in your organizations. First of all, concerning Cyber security in the Corporate world, the first level of breach is usually their employees via social engineering or it could be inside the company where films are downloaded via torrents and are kept in their office laptop, and visiting adult sites in office, unaware of the consequence that could rise to virus attacks and open to backdoors.

There are many ways crypto-blackmail or sextortion can eventually affect the company:

1. The personal impact on the worker who is being blackmailed can impact on the company’s brand.
2. The Blackmailer/Extortionist can ask confidential business information on the company for exchange for not sharing these photos online.

Narvesh Jaunky
Senior Cloud Engineer in an enterprise and Microsoft Certified Trainer/Lecturer and also a 
Certified Ethical Hacker