Cybersecurity news headlines for September 2021

In September’s edition of cybersecurity news, we cover only two stories. The FBI warns that romance and sextortion scams are on the rise, with millions of dollars of reported losses already. And the REvil ransomware gang reappears under the same name after a two-month hiatus following the Kaseya ransomware attack.

 

 

Without further ado, here’s what made the biggest cybersecurity news headlines in September 2021.

Crypto romance and sextortion scams are on the rise, FBI warns

The Federal Bureau of Investigation (FBI) has warned that romance and sextortion scams are on the rise, and the reported losses are in the millions of dollars. According to the FBI, Americans have lost more than $113 million to romance and $8 million to sextortion scams in 2021.

Romance scams involve scammers using fake identities to develop fake romantic relationships with victims in order to get them to send money. These are long-term scams because scammers need to gain a victim’s trust and establish a relationship before they can actually start asking for money. In some cases, the payoff for scammers is worth the months spent on a victim because they can earn tens of thousands of dollars from just one victim. It’s also not uncommon for one scammer to be interacting with multiple victims at the same time. Victims are usually approached by scammers on social media and dating apps. Scammers have a particular type of victim they tend to target, commonly widows/widowers, divorcees, older people, etc. Both men and women can become victims of romance scams. The FBI has received 1,800 complaints in the first half of 2021.

When a romance scammer successfully approaches a victim and establishes a romantic relationship, they will slowly start asking for money. At first, it may be small sums but then gradually become larger. Scammers make up all kinds of reasons for needing money, usually medical emergencies, visa issues, emergency travel expenses, etc. Because scammers usually claim to be in a different country than the victim, the reasons may sound plausible enough to victims.

While traditional romance scams are not going anywhere, the FBI has warned that in addition to just asking for money, romance scammers have also started promoting cryptocurrency investment scams. Unlike in traditional romance scams where scammers wait to ask for money, they may start promoting these fake investment opportunities shortly after starting a fake relationship.

“The scammer gains the confidence and trust of the victim—through establishing an online relationship—and then claims to have knowledge of cryptocurrency investment or trading opportunities that will result in substantial profits. The scammer directs the victim to a fraudulent website or application for an investment opportunity,” the FBI explains.

When a victim makes a small investment to test the waters, the scammer allows them to withdraw a small profit to make it seem like the investment opportunity would actually help make a profit. Scammers then start encouraging the victim to make larger investments. They apply psychological pressure and make up all kinds of scenarios of why it’s necessary to make the investment as soon as possible. If victims fall for this and try to withdraw profits after investing a large sum of money, scammers will come up with excuses why they cannot do that. Once scammers realize they can no longer trick the victim into investing more money, they stop all communication.

“Victims are not able to withdraw any money, and the scammers most often stop communicating with the victim after they cease to send additional funds.”

The rise of crypto romance scams, or romance scams in general, is not surprising considering the times we live in. With the ongoing COVID-19 pandemic, many people are feeling more isolated than ever and thus, turn to online dating. And scammers take full advantage of those most vulnerable. The fact that romance scammers started pushing crypto scams is also not unexpected. Cryptocurrencies are more popular than ever, which attracts new, inexperienced investors.

The FBI has also warned the general public of a massive increase in sextortion scams. In the first half of 2021, the FBI’s IC3 has received over 16,000 sextortion complaints, with damages exceeding $8 million. Nearly half of the victims were in the 20-39 age group.

Sextortion scams involve cyber criminals threatening to publicly release private videos if demands are not met. There are many types of sextortion scams, some scammers threaten to release videos that do not actually exist, while others do have those videos/photos in their possession.

“Most victims report the initial contact with the fraudster is mutual and made using dating websites and apps. Soon after the encounter, the fraudster requests the interaction be moved from the website or app to another messaging platform. The fraudster instigates the exchange of sexually explicit material and then encourages the victim to participate via video chat or send their own explicit photos,” the FBI explains sextortion scams.

The criminals then blackmail victims into sending more explicit images or demand money in exchange for those photos to not be publicly released.

Another type of sextortion scam involves scammers claiming to have hacked a victim’s computer. These sextortion scams usually come via email and claim that there is a video of the victim watching pornography. They threaten to release the non-existent video if the victim does not agree to pay. An example of a sextortion email can be found here.

REvil ransomware gang returns after a two-month hiatus

The notorious REvil gang is back after suddenly disappearing two months ago. The gang is known for targeting big companies like JBS, Kenneth Cole, and Coop. Its biggest cyberattack on software company Kaseya is what led to the gang’s sudden disappearance. The ransomware’s infrastructure was taken down completely after it came under close scrutiny from law enforcement following the ransomware attack on Kaseya. The attack led to the encryption of 60 managed service providers and over 1,500 businesses using Kaseya’s VSA remote management program. Managed service providers were asked to pay $5 million, businesses – $44,999 for a decryptor. REvil demanded a $50 million ransom for a universal decryptor that would help all victims. REvil is also one of the ransomware gangs that steal data from targets and then threaten to publish it if the ransom is not paid. Fearing their data will be published, many businesses likely paid the ransom. While it’s unclear whether Kaseya paid the ransom, they did receive the universal decryptor.

The Kaseya ransomware attack brought the extensive attention of law enforcement and worldwide media, something the REvil gang likely did not expect. Soon after the attack, the gang suddenly shut down all their activities and disappeared. Many speculated that they would return under a different name but in early September, the gang returned under the same name – REvil. A post on a hacker forum by a REvil representative says that the gang stopped operations after the alleged arrest of a different representative and compromise of their servers. The gang now appears to be back in full force and will likely continue targeting big companies.

References

• Scammers Defraud Victims of Millions of Dollars in New Trend in Romance Scams. FBI Public Service Announcement.
• FBI Warns about an Increase in Sextortion Complaints. FBI Public Service Announcement.
• Lawrence Abrams. REvil ransomware is back in full attack mode and leaking data. BleepingComputer.