A recent extortion campaign has been uncovered by security experts, threatening to leak sensitive corporate data unless a Bitcoin payment is made. Troy Hunt, Microsoft regional director and founder of HaveIBeenPwned, shared details of the unsolicited email on social media. The email claimed that the fraudsters had hacked his site by exploiting vulnerabilities and obtaining database credentials to extract “complete data” from all computers and servers.
The threatening message outlined a series of steps the scammers would take to damage the victim’s reputation. This included leaking or selling the database to the highest bidder, sending emails to customers and partners stating their information had been compromised, and de-indexing the victim’s website links in search engines. The scammers demanded a Bitcoin payment of $2500 within 72 hours to prevent the reputation destruction.
The group behind this campaign, known as ‘Team Montesano’, appears to be following the trend of data breach extortion groups like Lapsus$. These scammers often use small pieces of previously breached data to lend credibility to their threats. While the email personalized the scam by including the victim’s website address, there is little else to suggest that the demands should be taken seriously.
It is unclear how widespread this extortion campaign is, but it serves as a reminder of the growing threat of cyber extortion. Businesses should remain vigilant and take steps to protect their data and systems from such attacks. This incident highlights the importance of implementing strong security measures and staying informed about the latest cybersecurity threats.