Recently the Internet Crime Complaint Center (IC3) at the FBI has issued warnings of increased email-based extortion attempts related to recently publicized data threats. These cybercriminals are using emails from previous data breaches like those at the IRS, Anthem, and even Ashley Madison. These breaches led to an enormous amount of personal information being stolen and placed in the hands of some pretty terrible people.
Like in this example, where weak network security at a bank in Los Angeles led to a hacking group, calling themselves “TheDarkOverlord”, attempted to extort money from the bank and multiple healthcare organizations.
These emails inform the recipient that their personal information, including names, credit cards, phone numbers, addresses, and other personal data, will be released to friends, family, or to all of their social media contacts, depending on what private information was gained. The email recipients are only given a short amount of time to decide if they are going to comply or not. The extortionists are asking for the ransom to be paid in bitcoin, further making these criminals almost untraceable.
IC3 has released a couple examples of extortion emails to give the public an idea of what to look out for:
*Now I know 5 bitcoins doesn’t initially sound like a lot, but at the current conversion rate, 5 bitcoins are equal to about $3,016.60…
*Like above, 2 bitcoins are equal to $1,206.64
The FBI is advising recipients of these emails not to pay the ransom, as it further “facilitates continued criminal activity.” The FBI also believes, based on the different email variations, that there are multiple different organizations/individuals taking on the role of extortionist in this scheme, so there could be more variations of these types of emails to come in the future.
In essence the whole point of this post is to let you know about these recent occurrences, as data breaches are happening more frequently, and are apparently the fuel for this type of scam, and remind you of a couple things to keep you safe. Even if these seem redundant they are always worth repeating. Never provide personal information via email, and do not open emails or attachments from unknown senders, and if you do receive an email resembling the examples above, do not respond to the sender.
If you’re an IT Freedom client, and you think your work-related information has been compromised PLEASE contact the helpdesk.
If you’re not a client, and would like to see how we can help make your network safer and protect your data, give us a call, we would love to help!