[Scam Of The Week] New Sextortion Attacks Take A Dark Turn And Infect People With GandCrab Ransomware


Our friends at Proofpoint reported that last week employees in the United States have been bombarded by a spam attack that pushed a double-whammy of a sextortion attempt combined with a possible ransomware infection.

Starting around May 2018, there have been a number of attack waves pushing different versions of sextortion threats.

There have been sextortion scams where the criminals claimed they were from China, where the hackers claimed they intercepted a user's computer cache data, where the hackers claimed to have hacked all of a victim's online accounts, where crooks claimed they hacked the victim's phone, or where crooks claimed to have recorded the user via his webcam while visiting adult sites.

These themes vary almost on a weekly basis, as scammers professionally test different themes and tactics to determine the best ROI. And they've been making money hand over fist.

But this week, sextortion scams took another dangerous turn. Security researchers at Proofpoint blogged they've seen a variation of a sextortion scam campaign that included a download link at the bottom of the blackmail message.

The scammers claimed to have a video of the user pleasuring himself while visiting adult sites, and they urged the user to access the link and see for himself. But Proofpoint says that instead of a video, users received a ZIP file with a set of malicious files inside.

Users who downloaded and ran these files would be infected by the AZORult malware, which would immediately download and install the GandCrab ransomwareEven if the user had no intention of paying the sextortion demand, curious users would still end up being held for ransom if they were careless enough to follow the link and ran the files they received.

You should warn your users to delete these emails, or better yet, click on the (free) Phish Alert Button and report them your organization's IT Incident Response team.

I suggest you send the following to your employees in high-risk jobs specifically. You're welcome to copy, paste, and/or edit:

The bad guys are getting more and more dangerous with sextortion scams. They now send you an email that claims they have a video of you watching an inappropriate website, and that you can download that video and see it for yourself. But if you do, your computer gets infected with ransomware! If any of this type of emails make it through the spam filters, please follow our organization's email security policy, and Think Before You Click!  [OPTIONAL]  Click on the Phish Alert Button to delete it from your inbox and at the same time alert IT about this scam.

Do your users know what to do when they receive a suspicious email?

Should they call the help desk, or forward it? Should they forward to IT including all headers? Delete and not report it, forfeiting a possible early warning?


KnowBe4’s Phish Alert button now also works with Outlook Mobile for iOS and Android. This enables your users to report suspicious emails from not only their computer but from their mobile inbox as well.   

(If you’re running Office 365 and want to give your end-users the ability to report suspicious emails from from their mobile inbox, you can enable the official Outlook Mobile app for iOS or Android directly from the KnowBe4 console. )

The Phish Alert Button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click!

 Best of all, there is no charge!

  • Reinforces your organization's security culture
  • Incident Response gets early phishing alerts from users, creating a network of “sensors”
  • Email is deleted from the user's inbox to prevent future exposure
  • Easy deployment via MSI file for Outlook, G Suite deployment for Gmail (Chrome)

This is a great way to better manage the problem of social engineering. Compliments of KnowBe4!

Get your Phish Alert Button

If you do not like to click on buttons with redirects, here is a link you can cut and paste into your browser: https://info.knowbe4.com/free-phish-alert

Topics: Ransomware

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews