Hello, welcome to the Monday, July 30th, 2018 edition of the Sans Summit Storm Center's StormCast. My name is Johannes Ulrich.

I'm recording from Jacksonville, Florida. As I have mentioned a couple times before, we have seen a number of

different extortion emails recently that took advantage of leaked passwords. Rick posted a summary of the

activity that he has seen from this scam by monitoring Bitcoin addresses that he collected

from these emails. He collected a total of 334 addresses.

We have seen some reuse of these addresses, so it's not easy to figure out how many addresses

were used in total and sort of what these 334 addresses represent that Rick Monard, but 57 of these addresses have received payments.

Now, these 56 addresses have received a total of 123 payments, again pointing to at least some

reuse of these addresses. We can not easily derive as a result the actual success rate

of these emails, but it does suggest that my best guess would be a few percent success here,

maybe up to about 10 percent of the emails actually result in payments and the total amount of

Bitcoin deposited in these addresses does amount to about $200,000.

At this point, we haven't really seen any money being removed from these addresses, so looks

like the hacker is still waiting for a good day to actually reap the profits from their

work.

And security researcher Ivan Kwiakowski came across a number of websites that distributed

well-known software ataced with adware.

Now, the software itself was legitimate. For example, key pass was used in this attack,

or audacity, the software that I'm actually using to record this podcast. But if you

downloaded the software from one of the affected sites, you actually ended up

with the software and some adware.

Now, why would you go to another site?

...