Email extortion is the name of the game for an unpleasant scam currently in circulation. These mails claim that your data has been compromised by “Team Montesano”, and the only way to fix this predicament is to pay up with digital currencies. It’s essentially sporting all the signs of a ransomware attack in terms of messaging, except there’s no evidence of ransomware or even any data compromise.

A "fake it till you make it" blackmailer writes…

The mail claims that the attackers have “extracted all of your databases and backed up all of your mailboxes”, and are now using your own company’s server to send the blackmail message.

There’s vague references to “several vulnerabilities” being used to exploit websites and company computers, alongside extracting “complete data from computers” courtesy of stolen database credentials.

The mail quickly pivots into the land of reputation damage. In fact, that appears to be the primary focus here as the theoretical attackers outline their multi-step plan to cause irreparable harm. More specifically:

"We will systematically go through a series of steps to totally damage your reputation. First, your database will be leaked or sold to the highest bidder to be used for any purpose. Next, emails will be sent to all your customers, suppliers and business partners, stating that all of their information has been sold or leaked and your site was at fault for leaking the information and damaging the reputation of all your customers and providers. Lastly, any links you have indexed in search engines will be de-indexed based on the blackhat techniques we used in the past to de-index our targets, not to mention getting your business on every blacklist in the country."

This is quite the comprehensive list of “we are going to ruin you forever”. Whoever put this email together has decided to lean on double/triple threat extortion attacks from ransomware land. Double/triple threats are where ransomware authors don’t “just” encrypt files; they threaten to leak and destroy other parts of a network should the ransom not be paid.

Ignore it

The attacker would have you believe that the only way out is to pay up, to the tune of $2,500 USD in Bitcoin. There’s even a time limit, in the form of 72 hours to make the payment. Otherwise it’s business reputation destruction time. “This is not a hoax”, they claim, alongside mentioning how they will destroy everything and vanish into the night. It all sounds rather scary. There’s just one thing: It’s a work of fiction.

As Bleeping Computer notes, you can check the Bitcoin addresses being used in this scam via sites such as the Bitcoin Abuse Database.  A word of warning, here: no site is immune from the curse of recovery scammers. You’ll notice the comments section contains scattered references to people who can help you recover lost Bitcoin. Do not reply to these people. They will simply try and take your money a second time, and then you’ll have additional problems to contend with on top of bogus blackmail threats.

It's never nice to receive mails like the one above. However, the key thing is not to panic. Search for the text of the mail in search engines and social media. It's very likely that others are receiving the same messages and you'll have a much better starting point for figuring out if it's a hoax or not.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.