90% of extortion cyber-attacks demand less than $2,000 in bitcoin
A study conducted by researchers at Columbia University with the help of AI-based detectors from Barracuda Networks reveals that 90% of extortion email cyber-attacks demand moderate payments, typically less than USD 2,000 in bitcoin. 97% of attackers send fewer than 10 attack emails each, and 3,000 unique Bitcoin wallet addresses have been identified, with only 100 of them appearing in 80% of the emails.
The study aims to understand the financial infrastructure used by attackers in this type of extortion. The extortion emails threaten to disclose compromising information unless the victim makes payments in cryptocurrencies, especially Bitcoin.
According to Asaf Cidon, associate professor of electrical engineering at Columbia University: “Our analysis suggests that extortion scams are carried out by a relatively small number of perpetrators, each carrying out multiple small-scale attacks with moderate extortion demands. These relatively modest sums make it more likely that targets will cooperate with the extortion, and the relatively small number of mails per sender makes it easier for attackers to avoid detection by traditional security technologies and payment providers’ anti-fraud measures, thus avoiding alerting the police and the media, which could inform potential victims about the scam”.
Extortions with modest amounts
The results indicate that attackers target no more than 10 work email accounts at a time and request modest payments, around USD 1,000 in bitcoin, to avoid alerting potential victims, security teams, and payment systems. In addition, 97% of attack emails are sent from fewer than 10 sender accounts.
These relatively modest sums make it more likely that victims will cooperate with attackers, and the low number of emails per sender allows attackers to avoid detection by traditional security technologies and anti-fraud measures, avoiding alerting law enforcement and the media, which could inform potential victims about the scam.
Senior director of email protection product marketing at Barracuda, Nishant Taneja, warns: “Security teams need to take extortion attacks seriously, especially when they target individuals through their work email accounts. It is important to investigate how the attacker obtained the account details, e.g. were they exposed or stolen at some point, or does it mean that the recipient has used their work account and device for inappropriate activities, such as visiting questionable websites? Both scenarios have security implications for the company and the individual. This can be embarrassing and distressing, which increases the likelihood that the victim will pay.”
To protect employees and the wider organisation from extortion attacks, it is recommended to invest in AI-powered email security that can detect and block such emails before they reach the intended recipient.
In addition, security policies should be implemented and training provided to employees to discourage inappropriate use of their work emails and to report any incidents securely and confidentially.