The tawdry mess that has become the Ashley Madison affair has gotten even tawdrier as hackers are now charging exposed victims one bitcoin to keep their data private. This comes as site owner ALM placed a CA$500,000 bounty on the hackers behind the data breach.
Last week, Impact Team dumped some 10GB of data containing email addresses, street addresses and more about up to 36m users of the affair-arranging website Ashley Madison on the Tor dark web. This was followed by the dumping of 20Gb of internal data belonging to Avid Life Media (ALM), owners of Ashley Madison.
Around the world, captains of industry, politicians, civil servants and other public figures have allegedly been outed as seeking affairs on the website.
The fallout has been extreme, with finger-pointing in the media and reportedly two suicides linked to the leak in the US.
ALM has responded by placing a CA$500,000 bounty on the heads of Impact Team, the hacker collective claiming responsibility for the data dump.
The virtual shakedowns begin
If the humiliation for the 36m users hasn’t been bad enough, it now appears hackers have been rifling through the dumped files and have begun attempting to extort money from the victims.
According to Krebs on Security, hackers have been demanding one bitcoin, equal to US$225, in return for their information and, while initial attempts have been laughed off, the fear is hackers are going to accelerate such demands in a targeted way.
Tom Kellerman, chief cybersecurity officer at Trend Micro, has warned that criminals will start leveraging the Ashley Madison data to conduct spear-phishing attacks aimed at delivering ransomware, which locks users out of files unless they pay a ransom in bitcoin.
“There is going to be a dramatic crimewave of these types of virtual shakedowns, and they’ll evolve into spear-phishing campaigns that leverage crypto malware,” Kellerman said. “The same criminals who enjoy deploying ransomware would love to use this data.”
Bitcoin image via Shutterstock