<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>extortion &#8211; Noise</title>
	<atom:link href="https://noise.getoto.net/tag/extortion/feed/" rel="self" type="application/rss+xml" />
	<link>https://noise.getoto.net</link>
	<description>The collective thoughts of the interwebz</description>
	<lastBuildDate>Wed, 03 Sep 2025 16:19:14 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.2</generator>
	<item>
		<title>Generative AI as a Cybercrime Assistant</title>
		<link>https://noise.getoto.net/2025/09/04/generative-ai-as-a-cybercrime-assistant/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 04 Sep 2025 11:06:25 +0000</pubDate>
				<category><![CDATA[AI]]></category>
		<category><![CDATA[cybercrime]]></category>
		<category><![CDATA[extortion]]></category>
		<category><![CDATA[theft]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=70649</guid>

					<description><![CDATA[<p>Anthropic <a href="https://www.anthropic.com/news/detecting-countering-misuse-aug-2025">reports</a> on a Claude user:</p>
<blockquote><p>We recently disrupted a sophisticated cybercriminal that used Claude Code to commit large-scale theft and extortion of personal data. The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services, and government and religious institutions. Rather than encrypt the stolen information with traditional ransomware, the actor threatened to expose the data publicly in order to attempt to extort victims into paying ransoms that sometimes exceeded $500,000.</p>
<p>The actor used AI to what we believe is an unprecedented degree. Claude Code was used to automate reconnaissance, harvesting victims’ credentials, and penetrating networks. Claude was allowed to make both tactical and strategic decisions, such as deciding which data to exfiltrate, and how to craft psychologically targeted extortion demands. Claude analyzed the exfiltrated financial data to determine appropriate ransom amounts, and generated visually alarming ransom notes that were displayed on victim machines...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Criminal Gang Physically Assaulting People for Their Cryptocurrency</title>
		<link>https://noise.getoto.net/2024/07/18/criminal-gang-physically-assaulting-people-for-their-cryptocurrency/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 18 Jul 2024 15:33:18 +0000</pubDate>
				<category><![CDATA[Bitcoin]]></category>
		<category><![CDATA[crime]]></category>
		<category><![CDATA[cryptocurrency]]></category>
		<category><![CDATA[extortion]]></category>
		<category><![CDATA[law enforcement]]></category>
		<category><![CDATA[physical security]]></category>
		<category><![CDATA[torture]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69175</guid>

					<description><![CDATA[<p>This is <a href="https://www.wired.com/story/crypto-home-invasion-crime-ring/">pretty horrific</a>:</p>
<blockquote><p>…a group of men behind a violent crime spree designed to compel victims to hand over access to their cryptocurrency savings. That announcement and the criminal complaint laying out charges against St. Felix focused largely on a single theft of cryptocurrency from an elderly North Carolina couple, whose home St. Felix and one of his accomplices broke into before physically assaulting the two victims—­both in their seventies—­and forcing them to transfer more than $150,000 in Bitcoin and Ether to the thieves’ crypto wallets...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Ransomware Gang Files SEC Complaint</title>
		<link>https://noise.getoto.net/2023/11/17/ransomware-gang-files-sec-complaint/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 17 Nov 2023 16:31:50 +0000</pubDate>
				<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[Data Breaches]]></category>
		<category><![CDATA[disclosure]]></category>
		<category><![CDATA[extortion]]></category>
		<category><![CDATA[ransomware]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68115</guid>

					<description><![CDATA[<p>A ransomware gang, annoyed at not being paid, <a href="https://www.bleepingcomputer.com/news/security/ransomware-gang-files-sec-complaint-over-victims-undisclosed-breach/">filed an SEC complaint</a> against its victim for not disclosing its security breach within the required four days.</p>
<p>This is over the top, but is just another example of the extreme pressure ransomware gangs put on companies after seizing their data. Gangs are now going through the data, looking for particularly important or embarrassing pieces of data to threaten executives with exposing. I have heard stories of executives’ families being threatened, of consensual porn being identified (people regularly mix work and personal email) and exposed, and of victims’ customers and partners being directly contacted. Ransoms are in the millions, and gangs do their best to ensure that the pressure to pay is intense...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Ransomware Payments Are Down</title>
		<link>https://noise.getoto.net/2023/01/31/ransomware-payments-are-down/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 31 Jan 2023 12:03:28 +0000</pubDate>
				<category><![CDATA[crime]]></category>
		<category><![CDATA[cryptocurrency]]></category>
		<category><![CDATA[cybercrime]]></category>
		<category><![CDATA[extortion]]></category>
		<category><![CDATA[ransomware]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=66684</guid>

					<description><![CDATA[<p>Chainalysis <a href="https://blog.chainalysis.com/reports/crypto-ransomware-revenue-down-as-victims-refuse-to-pay/">reports</a> that worldwide ransomware payments were down in 2022.</p>
<blockquote><p>Ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million the year before.</p>
<p>As always, we have to caveat these findings by noting that the true totals are much higher, as there are cryptocurrency addresses controlled by ransomware attackers that have yet to be identified on the blockchain and incorporated into our data. When we published last year’s version of this report, for example, we had only identified $602 million in <a href="https://blog.chainalysis.com/reports/2022-crypto-crime-report-preview-ransomware/">ransomware payments in 2021...</a></p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>The LockBit Ransomware Gang Is Surprisingly Professional</title>
		<link>https://noise.getoto.net/2022/09/07/the-lockbit-ransomware-gang-is-surprisingly-professional/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 07 Sep 2022 14:26:10 +0000</pubDate>
				<category><![CDATA[data loss]]></category>
		<category><![CDATA[denial-of-service]]></category>
		<category><![CDATA[extortion]]></category>
		<category><![CDATA[ransomware]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65842</guid>

					<description><![CDATA[<p>This <a href="https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-gets-aggressive-with-triple-extortion-tactic/">article</a> makes LockBit sound like a legitimate organization:</p>
<blockquote><p>The DDoS attack last weekend that put a temporary stop to leaking Entrust data was seen as an opportunity to explore the triple extortion tactic to apply more pressure on victims to pay a ransom.</p>
<p>LockBitSupp said that the ransomware operator is now looking to add DDoS as an extortion tactic on top of encrypting data and leaking it.</p>
<p>“I am looking for dudosers [DDoSers] in the team, most likely now we will attack targets and provide triple extortion, encryption + date leak + dudos, because I have felt the power of dudos and how it invigorates and makes life more interesting,” LockBitSupp wrote in a post on a hacker forum...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Hackers Using Fake Police Data Requests against Tech Companies</title>
		<link>https://noise.getoto.net/2022/04/05/hackers-using-fake-police-data-requests-against-tech-companies/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 05 Apr 2022 11:04:10 +0000</pubDate>
				<category><![CDATA[courts]]></category>
		<category><![CDATA[extortion]]></category>
		<category><![CDATA[forgery]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[police]]></category>
		<category><![CDATA[scams]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65300</guid>

					<description><![CDATA[<p>Brian Krebs has a <a href="https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/">detailed post</a> about hackers using fake police data requests to trick companies into handing over data.</p>
<blockquote><p>Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as long as the proper documents are provided and the request appears to come from an email address connected to an actual police department domain name.</p>
<p>But in certain circumstances ­– such as a case involving imminent harm or death –­ an investigating authority may make what’s known as an Emergency Data Request (EDR), which largely bypasses any official review and does not require the requestor to supply any court-approved documents...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>FBI Had the REvil Decryption Key</title>
		<link>https://noise.getoto.net/2021/09/22/fbi-had-the-revil-decryption-key/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 22 Sep 2021 14:30:01 +0000</pubDate>
				<category><![CDATA[externalities]]></category>
		<category><![CDATA[extortion]]></category>
		<category><![CDATA[fbi]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[ransomware]]></category>
		<category><![CDATA[tradecraft]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=63687</guid>

					<description><![CDATA[<p>The <i>Washington Post</i> <a href="https://www.washingtonpost.com/national-security/ransomware-fbi-revil-decryption-key/2021/09/21/4a9417d0-f15f-11eb-a452-4da5fe48582d_story.html">reports</a> that the FBI had a decryption key for the REvil ransomware, but didn’t pass it along to victims because it would have disrupted an ongoing operation.</p>
<blockquote><p>The key was obtained through access to the servers of the Russia-based criminal gang behind the July attack. Deploying it immediately could have helped the victims, including schools and hospitals, avoid what analysts estimate was millions of dollars in recovery costs.</p>
<p>But the FBI held on to the key, with the agreement of other agencies, in part because it was planning to carry out an operation to disrupt the hackers, a group known as REvil, and the bureau did not want to tip them off. Also, a government assessment found the harm was not as severe as initially feared...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>On the Evolution of Ransomware</title>
		<link>https://noise.getoto.net/2020/12/30/on-the-evolution-of-ransomware/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 30 Dec 2020 12:33:54 +0000</pubDate>
				<category><![CDATA[blackmail]]></category>
		<category><![CDATA[cybercrime]]></category>
		<category><![CDATA[extortion]]></category>
		<category><![CDATA[ransomware]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=60689</guid>

					<description><![CDATA[<p>Good article on the <a href="https://www.wired.com/story/ransomware-2020-headed-down-dire-path/">evolution of ransomware</a>:</p>
<blockquote><p>Though some researchers say that the scale and severity of ransomware attacks crossed a bright line in 2020, others describe this year as simply the next step in a gradual and, unfortunately, predictable devolution. After years spent honing their techniques, attackers are growing bolder. They&#8217;ve begun to incorporate other types of extortion like blackmail into their arsenals, by exfiltrating an organization&#8217;s data and then threatening to release it if the victim doesn&#8217;t pay an additional fee. Most significantly, ransomware attackers have transitioned from a model in which they hit lots of individuals and accumulated many small ransom payments to one where they carefully plan attacks against a ...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Finnish Data Theft and Extortion</title>
		<link>https://noise.getoto.net/2020/12/10/finnish-data-theft-and-extortion/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 10 Dec 2020 19:48:18 +0000</pubDate>
				<category><![CDATA[blackmail]]></category>
		<category><![CDATA[cybercrime]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[Data Breaches]]></category>
		<category><![CDATA[extortion]]></category>
		<category><![CDATA[Healthcare]]></category>
		<category><![CDATA[theft]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=60570</guid>

					<description><![CDATA[<p>The Finnish psychotherapy clinic Vastaamo was the victim of a data breach and theft. The criminals tried extorting money from the clinic. When that failed, they started extorting money from the <a href="https://www.cyberscoop.com/finnish-psychotherapy-data-breach-vastaamo/">patients</a>:</p>
<blockquote><p>Neither the company nor Finnish investigators have released many details about the nature of the breach, but reports say the attackers initially sought a payment of about 450,000 euros to protect about 40,000 patient records. The company reportedly did not pay up. Given the scale of the attack and the sensitive nature of the stolen data, the case has become a national story in Finland. Globally, attacks on health care organizations have escalated as cybercriminals look for higher-value targets...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
	</channel>
</rss>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/

Object Caching 36/168 objects using Memcached
Page Caching using Disk: Enhanced 
Lazy Loading (feed)
Database Caching using Memcached

Served from: noise.getoto.net @ 2025-12-07 12:09:35 by W3 Total Cache
-->