Hackers embarrass corporate bigshots into paying to get their hijacked porn collections back

Cyber-security companies are warning about the rise of “extortionware” through which hackers embarrass victims into paying a ransom.

Experts say the trend towards ransoming sensitive private information could affect companies not just operationally but through damaging their reputation, the BBC reports.

The warning comes as hackers bragged online about how they had cracked their way into an IT company director’s secret porn collection.

In its darknet blog post about the hack last month, the cyber-criminal gang named the IT director whose work computer allegedly contained the saucy files.

It also posted a screen grab of the computer’s file library which included more than a dozen folders catalogued under the names of porn stars and porn websites.

The hacker group gloated: “Thanks God for [named IT Director]. While he was [masturbating] we downloaded several hundred gigabytes of private information about his company’s customers. God bless his hairy palms, Amen!”

The blog post has now been deleted, which experts say usually indicates that the extortion attempt worked and the hackers have been paid to restore the data and not publish any more details.

The targeted firm has not publicly acknowledged that it was hacked.

The same hacker group is currently trying to pressure another US utility company into paying a ransom by posting an employee’s username and password for a members-only porn website.

In another case, hackers claim to have found an email trail showing evidence of insurance fraud at a Canadian agriculture company.

Another example of this was seen in December 2020, when the cosmetic surgery chain The Hospital Group was held to ransom with the threat of publication of “before and after” images of patients.

Brett Callow, a threat analyst at cyber-security company Emsisoft, says the trend points to an evolution of ransomware hacking.

“This is the new norm. Hackers are now actually searching illegally acquired data for information that can be weaponised. If they find anything that is incriminating or embarrassing, they’ll use it to leverage a larger pay-out.

“These incidents are no longer simply cyber-attacks about data, they are full-out extortion attempts.”