Cybercrime Groups Promising $360,000 Annual Salaries to Accomplices Helping to Extort High Net Worth Individuals: C-Level Executives, Lawyers and Doctors in Threat Actors’ Cross Hairs

Digital Shadows Photon Research Team tracks 792,000 sextortion
attempts in 7 months with criminals making an average of $540 per victim

SAN FRANCISCO & LONDON–(BUSINESS WIRE)–Digital Shadows, the leader in Digital Risk Protection, has today
published new research looking at the business of cyber extortion.
Entitled ‘A
Tale of Epic Extortions’
it reveals that criminal groups are
promising salaries averaging the equivalent of $360,000 per year to
accomplices who can help them target high-worth individuals, such as
company executives, lawyers and doctors with extortion scams. These
salary promises can be higher still for those with network management,
penetration testing and programming skills – with one threat actor
willing to pay the equivalent of $768,000 per year, with add-ons and a
final salary after the second year of $1,080,000 per year.

One principal method of extortion where criminals deem potential victims
to be particularly vulnerable is so-called ‘sextortion’. Digital Shadows
tracked a sample of sextortion campaigns and found that from July 2018
to February 2019 over 89,000 unique recipients faced some 792,000
extortion attempts against them. An analysis of Bitcoin wallets
associated with these scams found that sextortionists could be reaping
an average of $540 per victim.

The campaigns follow a similar pattern: The extortionist provides the
user with a known password as “proof” of compromise, then claims to have
video footage of the victim watching adult content online, and finally
urges them to pay a ransom to a specified Bitcoin (BTC) address.
However, it is worth noting that other campaigns can be even more
sinister – the so-called ‘Hitman’ spam campaign Digital Shadows noted
from December 2018 simply claims recipients will be “killed” unless a
Bitcoin demand is paid.

Extortion is in part being fuelled by the amount of ready-made extortion
material readily available on criminal forums. These are lowering the
barriers to entry for wannabe criminals with sensitive corporate
documents, intellectual property, and extortion manuals being sold on by
more experienced criminals to service aspiring extortionists. Blackmail
guides, for example, are on sale for less than $10.

In one such example, seen by Digital Shadows, the guide specifically
focuses on a sextortion tactic whereby the threat actor begins an online
relationship with a married man and then threatens to reveal details of
the affair with his partner unless a ransom is paid. The guide claims
this extortion method is the easiest for ‘novice’ threat actors to start
with, suggesting they could earn between $300-$500 per extortion
attempt. Dedicated subsections exist on criminal forums for these type
of dating scams.

Even greater levels of sophistication could be around the corner if
so-called ‘crowd funding’ schemes take off. In April 2018, threat actor
‘thedarkoverlord’ stole documents belonging to the insurance provider,
Hiscox. This included files related to the 9/11 attacks in the US. The
threat actor hoped to play on the public’s appetite for 9/11-related
controversy and encourages people to raise funds in order to view the
documents. Currently this campaign has amassed some $11,600 (3.46 BTC).

Crowdfunding models such as this allow extortionists to raise funds from
the general public rather than relying on victims giving in to ransom
demands. Organizations dealing with inflammatory or sensational
information should therefore consider how they would respond if an
attacker opts for this course of action.

Rick Holland, CISO and Head of the Photon Research Team at Digital
Shadows, comments: “The research shows that cybercriminal groups are
increasing their targeting of high net worth individuals and / or those
that hold positions of power within companies. Many threat actor groups
are actively on the recruit for members to collaborate with and to help
them scale their operations.

Holland continues: “Widespread and opportunistic extortion campaigns are
also lucrative. The social engineering aspects of these emails prey upon
the recipients and entice them into paying the extortion amount.
Unfortunately, our analysis of a select number of the campaigns, shows
us the criminals have amassed over $300,000. Education and minimizing
your personal and professional online exposure are essential for
thwarting extortionists goals. Since the lines between our personal and
professional lives are so blurred, firms should educate their staff and
tell them never to pay out a sextortion request.”

Digital Shadows advises the following to reduce the risk of extortion:

  • Do not respond to sextortion emails. These scams are generally
    mass, opportunistic campaigns. Treat them as spam.
  • Use HaveIBeenPwned
    to find previously breached accounts.
    Sextortion emails sometimes
    include a previously breached password that belongs to the victim in
    an effort to add legitimacy to the email. If you have email accounts
    that have been publicly exposed, update the password for the
    account and enable multi-factor authentication if possible.
  • Develop a ransomware playbook. Regularly back up data and store
    sensitive files in detached storage away from the main network. Do not
    forget to periodically test your back-up and recovery processes. The
    wrong time to identify flaws in your disaster recovery strategy is after
    all your critical data has been encrypted.
  • Shrink your potential attack surface. Make remote-access
    solutions (such as remote desktop protocol) accessible only over a
    virtual private network (VPN), and disable all other legacy or
    unnecessary features to harden your system against attack. Identify
    your most critical systems and apply vendor patches to publicly known
  • Apply best practices for user permissions. Remove local admin
    rights, restrict execution privileges on temporary and data folders
    that ransomware typically execute from, and implement whitelisted
    application lists.
  • Secure email end-users. Strong spam filters and restrictions
    around email attachments can help prevent spam extortion emails and
    malware from reaching the end-users’ email boxes.
  • Submit a complaint to the FBI’s IC3. The FBI’s Internet Crime
    Complaints Center (IC3) accepts complaints from the public regarding
    scams like ransomware and sextortion (

To learn more about the issue of extortion please view the following

The full research: A
Tale of Epic Extortions: How Cybercriminals Monetize Our Online Exposure


Digital Shadows minimizes digital risk by identifying unwanted exposure
and protecting against external threats. Organizations can suffer
regulatory fines, loss of intellectual property, and reputational damage
when digital risk is left unmanaged. Digital Shadows SearchLight™ helps
you minimize these risks by detecting data loss, securing your online
brand, and reducing your attack surface. To learn more and get free
access to SearchLight, visit


Digital Shadows
Susan Helmick

error: Content is protected !!