Checkpoint Researchers say that a recent study made by them has found that hackers dealing with ransomware spread via Phorpiex Botnet have shifted gears to Se$tortion which has so far affected thousands and is intended to reach millions of victims by this year-end.
According to the study, Phorpiex is an active botnet since 2010 and has taken control of more than 500,000 computers on a global note. Earlier, the botnet was found distributing GandCrab ransomware and some crypto-mining malware only in western countries.
Now those distributing the said ransomware have found a fresh form of revenue generation which is Wide-scale S^#tortion. Already an email campaign victimizing thousands have been launched a couple of months ago and more such events are yet to come.
S^%tortion is a kind of blackmail game played by hackers where they derive the intimate system activity of a victim who is accessing P*&^ by malware means and then sends those video clippings of the victim watching that A-rated content to his or her email address. Further, if the victim denies paying the hackers the demanded ransom (usually $800), they threaten to distribute the evidence to the world.
It is estimated that those threat actors spreading Se#$tortion emails are using the Phorpiex botnet to send over 30,000 emails per hour.
Now, the big question- How are the email addresses being gathered?
First, a random malware campaign is run on the internet out of which few of the victims fall prey by clicking on the email links which lead to malware downloads. Then after the malware records everything taking place on the browser and then sends the data to remote control and command servers. This is when an automated analysis of the data is conducted and the targets for the email campaign are selected.
It is estimated that in 5 months, more than 14 Bitcoins were received by the Phorpiex Campaign wallet that is now having a value of a minimum of $110,000 or $22,000 per month.