Security researchers have observed a spike in extortion attempts and phishing campaigns against the Ashley Madison users … are they effective?

The hack of the Ashley Madison website has demonstrated us how much dangerous could be a cyber attack against a website that manage sensitive and confidential information of millions users. The disclosure of the Ashley Madison dump has dramatic consequences for the victims and their families, many lives were destroyed by the disclosure of the information contained in the archive of the adultery website.

The disclosure of the data has caused a spike in scams against the Ashley Madison victims as confirmed by experts at Symantec.

“Scammers have moved quickly to take advantage of the Ashley Madison data breach and Symantec telemetry shows a spike in spam email campaigns mentioning the infidelity website. The breach and subsequent leak of user data has created a market opportunity for scammers seeking to take advantage of people affected by the breach.” states Symantec.

The researchers observed a spike in phishing campaigns related to Ashley Madison that contain references to the website in the subject lines of emails. Blocked subject lines included:

  • “How to check if your email is part of Ashley Madison’s hack”
  • “Ashley Madison Hack Should Scare You”
  • “How to Check if You Were Exposed in Ashley Madison Hack”
  • “Ashley Madison records leak”
  • “Ashley Madison Hack Update”
  • “Ashley Madison hacked, is your spouse cheating”

a2

The popular investigator Brian Krebs has reported on blackmail emails aimed Ashley Madison users who demanded a bitcoin in exchange for a promise of non-disclosure of the information to their partner.

The question is “Does Blackmailing Pay?”

The security researcher at Cloudmark Toshiro Nishimura explained in a blog post “this extortion campaign could have yielded a worthwhile sum for very little effort.”

The expert demonstrated that blackmailing Ashley Madison users is a profitable business for crooks.

They tried to investigate how many victims are actually paying the blackmailers. Victims received an email demanding a fee in bitcoins (1.05, or $243 at current exchange rates) and blackmailers have sent the victim data related a newly-created wallet.

At this point, Nishimura investigated on the blockchain for that specific amount.

“Specifically, we found 67 suspicious transactions totalling 70.35 BTC or approximately 15814 USD within the extortion time frame of approximately 4 days paying 1.05 BTC to addresses, with no previous activity, and with 2 or fewer transaction outputs. All suspicious address we found are attached below. (We conservatively restricted ourselves to ordinary transactions with 2 or less outputs, thus excluding those which were less likely to be simple one-to-one payments.)

To put this in perspective, in the three months prior to 8/22/2015 when we first started seeing the extortion emails, we saw a total of 67 transactions matching the above pattern at a rate of approximately 5.3 per 100,000 transactions, versus 8.9 during the extortion period.” wrote the expert.

The researcher highlighted an increment of 40 percent more Bitcoin transactions that fulfilled the criteria used for the investigation, the circumstance suggests that those transactions are likely related to victims that decided to pay the 1.05 bitcoins, for a total of about $6,400.

Be aware … if you have paid there is no guarantee that you will stay secure!

Pierluigi Paganini