Security professionals have disclosed a new extortion marketing campaign threatening to leak delicate corporate information until a Bitcoin payment is made.
Microsoft regional director and HaveIBeenPwned founder, Troy Hunt, discovered the unsolicited email in a social media publish. It claimed that the fraudsters had hacked his web-site by exploiting some unnamed vulnerabilities and harvesting database credentials before extracting the “complete data” from all computer systems and servers.
“We will systematically go as a result of a series of methods to absolutely hurt your standing. Initial, your database will be leaked or bought to the greatest bidder to be utilised for any purpose. Upcoming, email messages will be despatched to all your clients, suppliers and small business partners, stating that all of their info has been offered or leaked and your [web] site was at fault for leaking the facts and harmful the reputation of all your clients and providers,” the information reported.
“Lastly, any backlinks you have indexed in lookup engines will be de-indexed centered on the black hat methods we utilised in the earlier to de-index our targets, not to point out obtaining your business on every single blacklist in the region.”
The scammers then posted a Bitcoin deal with, demanding $2500 inside 72 several hours or else they will “completely destroy your name with your buyers, your suppliers, your partners, on Google and the whole state.”
It’s unclear how widespread the marketing campaign is, but the ‘Team Montesano’ group behind it are plainly hoping to cash-in on common information of info breach extortion teams these types of as the infamous Lapsus$.
As these, it can be submitted together with identical attempts like sextortion frauds which usually use small pieces of beforehand breached data these as legacy email passwords in an endeavor to lend legitimacy to their tale that they have obtain to the victim’s device.
In these e-mails, the individual’s internet site handle is stated in get to personalize the scam, but there is small else there to advise the group’s demands should really be taken severely.
Some parts of this article are sourced from:
www.infosecurity-magazine.com