Sextortion scams date back many years, but they have been evolving recently: new variants now attach password-protected zip files. The emails claim these files contain proof of a video recording of the recipient, to cement the idea that the attackers behind the Sextortion scams can ruin the victims' reputation if the victims don't do what is demanded of them. Although the individual files in the archive cannot be opened, their names are still visible, which may rattle victims enough to pay a ransom.
The objective of this scam is to fool the recipients of the emails into making payments to stop their embarrassing videos from allegedly being sent to their family, friends, coworkers and so forth.
In many cases the scam nature of these emails is obvious, but some people may be fooled into believing the scams are true. For that reason, the attackers are doing everything in their power to make their scam as believable as possible and fool as many people as possible.
The most recent Sextortion variant was reported by the website MyOnlineSecurity. It is known to use subject lines that claim the victims were warned many times. The subject also claims the attackers behind the scam have webcam video of the users visiting pornographic websites. Using these tactics, they threaten to release the video to the user's contacts unless the user sends the equivalent of 660 USD in Bitcoin.
What are the contents of the file?
Attached to the emails is a password-protected zip file containing files that claim to be proof of the hacker's complete access to the victim's computer. Names visible in the password-protected archive include 'contacts.txt', 'Camera-Vid.avi', 'debt.txt' and so forth, making them appear as threatening as possible.
The files cannot be accessed, however, unless a password for them is purchased from the attackers. Within the spam email, users may find a link that leads them to a website by the name of cryptonator.com. The website offers the supposed password for the attached zip file for the sum of 50 USD.
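Why the names are visible while the contents are not, as an added example that is not part of the original article: in a standard password-protected zip, only the file data is encrypted, while names and declared sizes sit in a readable directory, so the listing is attacker-chosen metadata and proves nothing about the contents. The sample archive is constructed inside the script with filler content, and the function names are illustrative.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x1  # general-purpose flag bit 0: entry data is encrypted
NAMES = ("contacts.txt", "Camera-Vid.avi", "debt.txt")  # names quoted in the article


def build_sample():
    """Constructed sample: filler entries with the 'encrypted' flag set by hand
    (Python's zipfile can read but not write encrypted archives)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in NAMES:
            zf.writestr(zipfile.ZipInfo(name), b"\x00" * 64)
    data = bytearray(buf.getvalue())
    # Flag field sits 6 bytes into a local header, 8 into a central directory entry.
    for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = data.find(sig)
        while pos != -1:
            (flags,) = struct.unpack_from("<H", data, pos + off)
            struct.pack_into("<H", data, pos + off, flags | ENCRYPTED)
            pos = data.find(sig, pos + 4)
    return bytes(data)


def list_entries(archive):
    """Read names, flags and declared sizes from the directory; no password used."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return [(i.filename, bool(i.flag_bits & ENCRYPTED), i.file_size)
                for i in zf.infolist()]


def readable_without_password(archive, name):
    """True only if the entry's content can actually be extracted."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        try:
            zf.read(name)
            return True
        except RuntimeError:  # zipfile raises this when a password is required
            return False


if __name__ == "__main__":
    sample = build_sample()
    for name, encrypted, size in list_entries(sample):
        ok = readable_without_password(sample, name)
        print(f"{name:16} encrypted={encrypted} declared_size={size} readable={ok}")
```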
Although these emails may appear dangerous to the people on the receiving end, users need to keep in mind that they are only scams and nothing else. To current knowledge, there is no threat behind them apart from the attempt to fool people into making payments. Deleting them may be a mistake, however, as there is no guarantee that the scam will not evolve in the coming months into something that does involve ransomware or similar threats. Watch for any suspicious behavior, such as suddenly encrypted files or ransom notes dropped on the desktop of a computer or any other location on it.
If any of this behavior is noticed, note that the people behind the scam and the potential threat give you a specific window of time to respond to their email. In case this turns out to be more than a scam in the near future, users are advised to keep the emails, as they are evidence.
Contacting your computer security vendor
There is a good chance that tech support may know more about any threat that may be involved if the scam escalates. The company in question may be preparing to block the next wave of any such attacks, and if it is not already aware of them, your report will help. Submitting samples of the threat to the vendors will likely not give users an immediate answer, since vendors get hundreds of thousands of samples every day. Even though these software solutions may block things that were never seen before, through the use of machine learning and heuristics, sometimes a brand new threat may get past this protection. Reporting the threat to security researchers can help solve the issue by putting it on the radar as soon as possible.