“Sextortion” Emails Now Bearing Infectious GandCrab Ransomware Links. Seriously

Beware the sextortion email with the suspicious link or attachment, says cybersecurity company Proofpoint Research.

Standard “sextortion” attacks, in which would-be hackers threaten to expose a target’s “prurient” online activity if not paid a ransom in cryptocurrency, are so last year.

Savvy hackers are now adding a twist to their more standard hack: not only will they questionably accuse you of one sexual sin or another, they may also try to get you to download an actual threatening bit of software designed to choke access to your files.

Then you really, really will have to pay a ransom to get your alleged porn collection back.

According to Proofpoint, standard sextortion emails include these features:

  • claims a target’s computer has been infected by spyware or a keylogger (software that covertly monitors keystrokes on your keyboard)
  • information obtained from a possible previous hack on the target, including a password, or personal info gleaned from social media. This info is included to add veracity to the attacker’s claims
  • “Accusations of impropriety online or of inappropriate files stored on the device”
  • a demand for a ransom payment to a bitcoin wallet in order to avoid being exposed

New-style sextortion emails, which Proofpoint says are being sent in a “campaign involving thousands of messages sent to a variety of targets primarily in the United States,” now also include a link that will take you to a supposed video of your naughty self.

That very link will then infect you (not with something you’ll need antibiotics for, mind you) with a nasty case of ransomware called “GandCrab” (oddly enough).
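The features Proofpoint lists, plus the link that marks the new-style campaign, can be turned into a simple mail-triage heuristic. The sketch below is an added example, not Proofpoint's detection logic or code from the original article; the regular expressions, the `triage` function, the two-indicator threshold and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Heuristic patterns (assumptions for illustration), one per feature Proofpoint lists.
INDICATORS = {
    "spyware_claim": re.compile(r"\b(spyware|key ?logger|malware|trojan|infected)\b", re.I),
    "impropriety": re.compile(r"\b(adult sites?|porn\w*|pervert|webcam|camera of your device)\b", re.I),
    "ransom_demand": re.compile(r"\b(bitcoin|btc)\b|\$\s?\d{2,5}", re.I),
}
URL = re.compile(r"https?://[^\s<>\"']+", re.I)


def triage(raw_message, known_passwords=()):
    """Classify one raw RFC 5322 message and report which indicators fired."""
    msg = message_from_string(raw_message, policy=default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    hits = {name for name, rx in INDICATORS.items() if rx.search(body)}
    # A credential from an earlier breach, quoted back to make the claim believable.
    if any(pw and pw in body for pw in known_passwords):
        hits.add("leaked_password")
    urls = URL.findall(body)
    attachments = [p.get_filename() for p in msg.iter_attachments()]
    if len(hits) < 2:
        verdict = "not_sextortion"
    elif urls or attachments:
        verdict = "sextortion_with_payload"  # new style: quarantine, never follow
    else:
        verdict = "sextortion_classic"       # bluff only: ransom demand, no payload
    return {"verdict": verdict, "indicators": sorted(hits),
            "urls": urls, "attachments": attachments}


# Constructed sample message; example.invalid is a reserved, non-resolving domain.
SAMPLE = """\
From: someone@example.invalid
To: target@example.invalid
Subject: I know your password hunter2
Content-Type: text/plain; charset="utf-8"

My keylogger recorded you on adult sites. Your password is hunter2.
Watch the video: http://files.example.invalid/presentation
Send $381 in bitcoin or I share it.
"""

if __name__ == "__main__":
    print(triage(SAMPLE, known_passwords=["hunter2"]))
```

The `known_passwords` argument is meant to be fed from breach-exposure data for the recipient, since the quoted password is what separates these messages from generic spam.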

Hilariously shaming text from an example email provided by Proofpoint goes like this:


“I have very bad news for you…I looked at the sites you regularly visit, and I was shocked by what I saw!!!…I want to say – you are a very BIG pervert. Your fantasy is shifted far away from the normal course!…”

“I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?). After that, I made a screenshot of your joys (using the camera of your device) and glued them together. Turned out amazing! You are so spectacular…I made a video presentation in Power Point. And laid it out in a private cloud…”

“I think $381 is a very, very small amount for my silence.”

“LOL! Private cloud! $381?”

Proofpoint is evidently more grave about it than I:

“This particular attack combines multiple layers of social engineering as vulnerable, frightened recipients are tricked into clicking the link to determine whether the sender actually has evidence of illicit activity.”

As a long-time English-as-a-second-language teacher, I would like to throw my investigative hat into the ring here if I may.

Proofpoint, if you are listening: this is definitely Korean English.

Anyways, if you or anyone you know should find yourselves the unfortunate recipient of this oddly childish and moralistic threatening email, Proofpoint advises the following:

“Individuals receiving sextortion emails should 1) assume the sender does not actually possess screenshots or video of any compromising activity and 2) should not click any links or open attachments to verify the sender’s claims.”

In the meantime: keep your webcam covered and your dalliances discreet.
