Initial Email Content
Hi.
I have bad news for you. Unfortunately, something bad happened.
One of your credentials was compromised, and that led to a chain of events that I will explain to you now.
Using your password, our team got access to your email. We downloaded all data, and with some effort used it to get access to your backup files.
Nothing could have prevented this.
The data that we have downloaded, contains your personal photos and videos, chats, documents, emails, contacts, your browsing history, notes, social media history and more, including some deleted files.
I am sure that you dont want any part of your private information to be seen by other people. And you can stop this.
If we dont get what we are asking for, we will use this information against you.
If you are not sure of what can be done, just imagine what would happen if we use your email and phone number to send the most private and damaging content to your contacts.
That would be very damaging to you.
However, there is a solution. You can avoid this mess by paying a fee to delete the files we have.
So let's make this simple. You pay $1500 USD, and there will be nothing to worry about. No chats, no photos, nothing.
Use Bitcoin to make the transfer. Wallet address is 1JaSs2bTAYVbj6jaqD5Mjfs8gSLYgvYCrK , it's unique and we will know that you made the payment immediately.
You have 2 days to make the transfer, that's reasonable.
Take care.
Malicious Artifacts
Additional Indicators of Compromise
Type
Description
Attack Description
This text-based extortion attack uses a self-addressed spoofed email and a fake malware infection theme to demand a payment.