Mass Email Extortion Campaign Claims Server Hack

Phil Muncaster UK / EMEA News Reporter, Infosecurity Magazine
Security experts have revealed a new extortion campaign threatening to leak sensitive corporate data unless a Bitcoin payment is made.

Microsoft regional director and HaveIBeenPwned founder, Troy Hunt, revealed the unsolicited email in a social media post. It claimed that the fraudsters had hacked his site by exploiting some unnamed vulnerabilities and harvesting database credentials before extracting the “complete data” from all computers and servers.

“We will systematically go through a series of steps to totally damage your reputation. First, your database will be leaked or sold to the highest bidder to be used for any purpose. Next, emails will be sent to all your customers, suppliers and business partners, stating that all of their information has been sold or leaked and your [web] site was at fault for leaking the information and damaging the reputation of all your customers and providers,” the message said.

“Lastly, any links you have indexed in search engines will be de-indexed based on the black hat techniques we used in the past to de-index our targets, not to mention getting your business on every blacklist in the country.”

The scammers then posted a Bitcoin address, demanding $2500 within 72 hours or else they will “completely destroy your reputation with your customers, your suppliers, your partners, on Google and the entire country.”

It’s unclear how widespread the campaign is, but the ‘Team Montesano’ group behind it are clearly hoping to cash in on widespread news of data breach extortion groups such as the notorious Lapsus$.

As such, it can be filed alongside similar attempts like sextortion scams, which often use small pieces of previously breached data, such as legacy email passwords, in an attempt to lend legitimacy to their story that they have access to the victim’s machine.

In these emails, the individual’s website address is listed in order to personalize the scam, but there’s little else there to suggest the group’s demands should be taken seriously.