Police in France have arrested a 20-year-old man for his role in blackmailing thousands of French and international users with so-called sextortion emails over the past few months.
The suspect, whose name has not been released, was arrested on Monday, September 9, by officers from the Office of Combating Cybercrime (OCLCTIC) at the Paris Airport after returning to France from Ukraine.
Reports from Radio France and other local French media [1, 2, 3] said the man is a French citizen living in Ukraine. He’s now been placed under judicial control and banned from leaving the country.
Scammer involved in sextortion campaigns
Authorities said the suspect sent out massive spam campaigns containing so-called sextortion messages. These are emails that scammers send to random users, claiming to be in possession of sensitive images or videos of the user engaging in various sexual acts.
Scammers often claim they’ve obtained these images or videos by hacking the user’s online accounts or by infecting their computers with malware.
They then blackmail victims into paying a ransom fee, threatening to send the images to the victim’s contacts or publish them online if they don’t pay.
Tactics like these have been going on for more than two decades, but sextortion, in particular, has seen a sudden surge in popularity beginning in the summer of 2018, according to Cisco Talos, Malwarebytes, and independent researchers.
French users have often been the target of many of these campaigns.
Scammer made over €20,000
According to authorities, the suspect they arrested was one of the people behind these operations. He usually demanded €500 ($550) from victims, paid in Bitcoin, and according to sources in the investigation, he appears to have tricked at least 50 users, who paid a cumulative €20,000 ($22,000) to an account under the suspect’s control.
French authorities said they have received over 28,000 user reports and over 1,900 formal complaints relating to the suspect’s campaigns since the start of the year.
The suspect acknowledged his guilt, said he worked alone, and admitted to never having any images of victims in compromising positions or sexual acts.
Most sextortion campaigns work on the principle of tricking users into believing hackers have sensitive content, but most are just empty threats.
To date, cyber-security firms have spotted only two malware strains that recorded a user’s screen when they accessed adult websites, namely Varenyky and PsiXBot. Coincidentally, the Varenyky malware strain was only distributed to French users, but there is no evidence the suspect arrested this week was involved in its creation or distribution.