Security experts have recently uncovered a new extortion campaign targeting businesses, where sensitive corporate data is threatened to be leaked unless a Bitcoin payment is made. This alarming revelation was shared by Microsoft regional director and HaveIBeenPwned founder, Troy Hunt, who received an unsolicited email detailing the extortion scheme.
According to the email, the fraudsters claimed to have hacked into Hunt’s website by exploiting undisclosed vulnerabilities and obtaining database credentials. They threatened to extract “complete data” from all computers and servers, intending to damage the website owner’s reputation. The email outlined a series of steps the scammers planned to take, including leaking or selling the database to the highest bidder, sending emails to customers and partners stating that their information had been compromised, and de-indexing the website from search engines using black hat techniques.
To make matters worse, the scammers provided a Bitcoin address and demanded a payment of $2500 within 72 hours to prevent the release of the stolen data and the ensuing reputation damage. While the extent of this campaign is still unknown, the group responsible, known as ‘Team Montesano’, seems to be capitalizing on the notoriety of other data breach extortion groups like Lapsus$.
This latest scheme adds to the growing list of online extortion tactics, including sextortion scams that leverage previously breached data to lend credibility to their threats. The email targeting Hunt included his website address to personalize the scam, but lacked substantial evidence to support the group’s claims.
Businesses and individuals should remain vigilant against such extortion attempts and take proactive measures to safeguard their data and online presence. It is crucial to regularly update security protocols, monitor for suspicious activity, and educate employees on cybersecurity best practices to mitigate the risk of falling victim to these malicious schemes.