Only 100 people are behind the majority of extortion on the Internet – who are they?
Barracuda Networks finds out how a hundred elite hackers are waging war against your wallet
Cybersecurity experts believe that a very small number of “elite” hackers, about a hundred people, are behind almost all extortion on the Internet.
The conclusion is based on a study conducted by Barracuda Networks together with specialists from Columbia University. The researchers studied more than 300,000 extortion emails, as well as the addresses of the cryptocurrency wallets to which the attackers received the ransom.
It turned out that 80% of all letters are associated with the same hundred mailing addresses. This means that a small group of hackers, possibly related to one another, is behind them. The attackers most often demand small amounts, less than 2 thousand dollars, probably in the expectation that the victims will not contact the police and will not attract the attention of banks and tax authorities. Only bitcoin is used to receive the ransom. Cryptocurrency provides fraudsters with a high level of anonymity.
The researchers also analyzed the “sender” field in each email. This makes it possible to count how many messages were sent from one address. That information was then correlated with the number of unique bitcoin addresses used by particular hackers. To make the analysis clearer, Barracuda experts built graphs that break the data down by the number of letters from one sender.
It was found that the same sender can use different crypto wallet addresses in their letters. This is probably a way to make the flow of money harder to trace.
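The sender-to-wallet correlation described above can be sketched as follows. This is an added example, not code from the Barracuda study: the messages and wallet strings are constructed placeholders, the function names are hypothetical, and it assumes single-part plain-text emails.

```python
import re
from collections import Counter, defaultdict
from email import message_from_string
from email.utils import parseaddr

# Pattern match for Base58 (1.../3...) and bech32 (bc1...) addresses; no checksum check.
BTC_RE = re.compile(
    r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{39,59})\b")

# Constructed placeholder wallets and messages (not real addresses or emails).
W1, W2, W3 = "1" + "A" * 30, "1" + "B" * 30, "3" + "C" * 30

def make(sender, wallet):
    return f"From: {sender}\nSubject: payment\n\nSend $1500 in BTC to {wallet} today.\n"

SAMPLES = [make("Alpha <a@example.test>", W1), make("a@example.test", W2),
           make("a@example.test", W1), make("b@example.test", W1),
           make("c@example.test", W3)]

def wallets_in(raw):
    """Sender address and set of candidate wallets in one single-part message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    return sender, set(BTC_RE.findall(msg.get_payload()))

def analyze(raw_messages):
    """Return (emails per sender, wallets per sender, emails per wallet)."""
    per_sender, per_wallet = Counter(), Counter()
    wallets_by_sender = defaultdict(set)
    for raw in raw_messages:
        sender, found = wallets_in(raw)
        per_sender[sender] += 1
        wallets_by_sender[sender] |= found
        per_wallet.update(found)
    return per_sender, wallets_by_sender, per_wallet

def top_wallet_share(raw_messages, n):
    """Fraction of emails naming at least one of the n most-used wallets."""
    top = {w for w, _ in analyze(raw_messages)[2].most_common(n)}
    hits = sum(1 for raw in raw_messages if wallets_in(raw)[1] & top)
    return hits / len(raw_messages)

if __name__ == "__main__":
    per_sender, by_sender, _ = analyze(SAMPLES)
    for sender, count in per_sender.most_common():
        print(sender, count, "emails,", len(by_sender[sender]), "wallets")
    print("share covered by top wallet:", top_wallet_share(SAMPLES, 1))
```

A wallet string that recurs across many senders, or a sender that rotates through several wallets, is the kind of pattern a mail filter can key on.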
Experts believe that countering Internet scammers should now be fairly easy. First, if law enforcement can get on the trail of even a small number of hackers, this will already be great progress. Second, because ransomware hackers copy each other’s actions and follow similar patterns, email security providers will be able to block most of these attacks with simple detectors. For example, Barracuda Sentinel or Barracuda Forensics and Incident Response can help detect and stop such attacks.