Crypto Extortion on the Rise, Says Academic Study

Crypto-based extortion basically the process of using spam-flinging botnet armies to "Ransom" dirty pictures and compromising information in exchange for bitcoin has turned virtual crime into child's play.

Speaking this week at the Advances in Financial Technology conference in Zurich, an international team comprised of researchers from the Austrian Technology Institute and security provider GoSecure sampled a population of email spam and found that the extortion process was quick, easy, and very lucrative.

Using public data hack info, the researchers found that a single instance of the popular Necurs botnet launched over 80 campaigns and in the 4.3 million emails surveyed by the team.

The team said that the botnet was surprisingly lucrative.

Compared to most extortion schemes, the spam campaign is incredibly simple, largely due to its employment of cryptocurrencies, said GoSecure's Masarah Paquet-Clouston.

"If you look at traditional [product] spam, it's much more complicated [crypto] extortion spam is much simpler," Paquet-Clouston said.

Examples provided in the paper describe an email informing the victim that the hacker will release compromising personal information if bitcoin isn't provided in a timely manner.

Tracking the bitcoin addresses used and languages employed in emails allowed the researchers to further understand how botnets operate.

Whoever was behind the botnet charged certain nationalities higher prices than others, with English speakers topping out around $745 per recipient compared to Spaniards on the lowest end at $249. The botnet reused bitcoin addresses over 3 million times and the researchers speculated the goal was to simplify payments.

Knowledge about bitcoin and methods to track payments have lead botnet campaigns to other cryptos, the team said, particularly litecoin.