Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Varieties of Extortion Experience

    scam-buttonWe are all familiar with ransomware and its increasingly dangerous cousin, wiper malware. The first encrypts your files and demands ransom payments in exchange for the decryption key. The second, now being mixed with ransomware proper, is more destructive. As its name implies, it wipes files, deletes them permanently.

    Sometimes it may be used as a threat to increase the pressure on the victim to pay. At other times it masquerades as ransomware, but even if you pay, you will not get your files back.

    These represent serious threats, best handled with awareness and a rigorous program of regular, secure backup. But there are other kinds of extortion, and these are more easily handled. Recognize them for the scams they are and simply delete them.

    We have written about various instances of these over the years, but now BleepingComputer has compiled a rundown of the more common varieties of scareware. Remember as you look at each one of these that there’s nothing to them. They work only on people whose jittery nerves or uneasy consciences lead them to panic, and then pay. Some of these phishing emails carried ransomware or information stealers as a kind of secondary payload, but the primary threat was all so much hot air:

    • “Hackers have video of you on adult web sites!” You are supposed to think someone has hacked your web cam and observed you doing whatever you might have been doing. Rest assured, they have not. A lot of people were taken in. Hoods running this sextortion scam last year were able to rake in more than $50,000 in a single week.
    • “A hitman has been hired to kill you!” Sometimes, however, that hitman with a heart. He will spare you if you send him a payment. There is no hitman.
    • "Bomb threat!” A bomb has been placed in your building and it will explode unless you cough up $20,000 or so. Again, it is unlikely in the extreme that there is a bomb, but if you are worried anyway, call the police.
    • “CIA Investigation!” So this CIA technical collection officer says you are the subject of an investigation into child pornography. If, however, you pay the merciful technical collection officer $10,000, he will delete your information from the case files. A good story, no? But alas, the CIA is not in fact on to you. Nor does the CIA investigate child pornography. The Company is an intelligence service, not a law enforcement agency.
    • “You will be infected with WannaCry, DDoSed, and doxed to the IRS!” The emailer says they have found “hidden documents” that they will report to the US Federal tax authorities, but they can tide the whole thing over if you cross their palm with two Bitcoin.
    • "Sex tape!” So, OK, the emailer says that you and he or she exchanged intimacy a long time ago. Maybe you forgot? Anyway, they secretly taped the two of you in the act, and they also stole your contact lists and passwords when you stepped out to use the toilet. Still don’t remember? Are you sure? Well, please pay $1500 or they will share the video with everyone in your contact list. Let us grade this one “highly unlikely,” but high marks for the whole bathroom thing.
    • “We will ruin your site’s reputation!” This one is usually a criminal-to-business play. The scammers threaten to spam people with your domain name, post bad reviews of your business, and they will use your name to post nasty wisecracks on other Websites’ contact forms.
    • “Hey! It’s us, the US State Police!” The State Police (never mind which of the fifty US state police departments; it’s the State Police, for heaven’s sake, and you do not ask Smokey for ID) have found that you are a child pornographer, but they are willing to look the other way in exchange for $2000. Payable, of course, in Bitcoin.

    You might find all of these laughable, but people fall for them. Teach your employees not to be spooked, or to fool around with any links or attachments the emails might carry. The threatening subject line is direct extortion, but it can also serve as phishbait for a different attack. New-school security awareness training will help any organization rest easy, knowing that CIA hitmen did not in fact date all of your people back in college, and so on.

     

    Return To KnowBe4 Security Blog

    Get Your Ransomware Hostage Rescue Manual

    Ransomware Hostage Rescue Manual Cover 2022This 26-page manual is packed with actionable info that you need to prevent infections, and what to do when you are hit with ransomware. You also get a Ransomware Attack Response Checklist and Prevention Checklist. You will learn more about:

    1. What is Ransomware?
    2. Am I Infected?
    3. I’m Infected, Now What?
    4. Protecting Yourself in the Future
    5. Resources

    Don’t be taken hostage by ransomware. Download your rescue manual now! 

    Get Your Manual

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://info.knowbe4.com/ransomware-hostage-rescue-manual-0

    Topics: Social Engineering, Phishing, Security Awareness Training, Ransomware

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews