Deep Fake Video & Ransomware Blackmail Threat

AI expert explains how deep fake videos can be used to extort money: Internet Scambusters #936

A horrifying combination of deep fake videos and ransomware is looming on the scam horizon.

Videos are now easily faked, showing victims in what seems to be a compromising situation — and then ransomware is used to demand a blackmail payment.

In this week’s issue, we’ll explain what’s happening and how you can defend yourself against this scary scam.

Let’s get started…


Deep Fake Video & Ransomware Blackmail Threat


Crooks may soon be combining a pair of already wicked scams — deep fake videos and ransomware — into a single threat that will strike fear into the hearts and minds of victims.

Deep fake videos are fabricated with software that makes an individual seem to be saying and doing things they’ve never done in reality. We’ve seen a lot of them in the recent election campaign.

We wrote about it in more detail a couple of years ago: Deep Fake Videos Threaten Turmoil for all Users.

Ransomware is a type of malware that extorts money out of victims.

Mostly, it’s used to lock up the data in a PC or an entire network until the user pays a ransom. But now a leading Internet anti-malware firm is warning it could be used to blackmail them with the threat of posting a deep fake video online, showing them in some kind of compromising situation.

The fear has blown up because new AI software makes it easy to generate deep fakes without any expertise.

Artificial intelligence (AI) expert Paul Andrei Bricman, who first identified the threat, defines it as “a type of malicious software that automatically generates fake video, which shows the victim performing an incriminatory or intimate action and threatens to distribute it unless a ransom is paid.”

Victims would be told that, if they pay up, the video will be permanently deleted. But we all know that blackmailers nearly always hang on to their “evidence” so they can come back and ask for more.

Now Internet security firm Malwarebytes has latched onto the threat, warning, “If something like this can be automated, you can bet that more bad actors with little to no background in programming will take interest in such a technology.”

Their view is echoed by another online security specialist, Trend Micro, which tracks cybercriminal activities and the underground market that supplies the software and relevant information to identify potential victims. Trend describes deep fake ransomware as an “emerging threat.”

How It Works

Here’s how it works: First, the scammer tricks the victim into installing malware on their PC. Then they “scrape” (steals) videos and voice samples of the victim.

Alternatively, they scrape their raw materials that are publicly available online — for example, posted on social media. Then the crook uses the new software to superimpose elements from the scrapes onto a compromising video so it looks like the victim who’s committing whatever act is depicted.

If the scammer has access to the victim’s PC, the horror unfolds with a typical ransomware countdown screen giving the victim a specific time to pay the ransom or have the video posted online.

It’s also possible the blackmail demand could be sent by email, along with a link to the deep fake video, again with a ransom demand to get the original deleted. In this case, clicking the link not only accesses the video but also downloads the ransomware while the victim is watching.

In either case, the crook usually demands payment by untraceable cybercurrency, most probably Bitcoin. Or they may ask for the ransom payment to be wired, again untraceably.

Malwarebytes notes: “(T)he potential for this campaign to destroy a target’s reputation is exceedingly high. It doesn’t really matter whether a video of someone is real or doctored to look real. As humans, we tend to believe what we see, because if you can’t trust your own eyes, what can you trust?”

Of course, the image doesn’t have to be a video. It can also be a still photo, again showing the victim in an embarrassing situation.

It’s also possible, experts tell us, that an email scammer doesn’t even have a video and just uses the link to upload malware to create a regular ransomware demand.

The best way to avoid this scam is to do your best to ensure the crooks can’t get their hands on your images. That means using privacy settings on your social media accounts that allow only friends to see your photos.

Plus, of course, don’t click on email and text links in messages that suggest someone has blackmail material about you, even if the message seems to come from a person you know.

Think long and hard, says Malwarebytes, about who you’re sharing your content with and where.

“Do an audit of your current photos and videos online and who has access to them,” suggests blogger Jovi Umawing. “Weed out public-facing photos as much as you can or set them to be viewed by certain groups in your pool of contacts. If they’re not photos you posted yourself, simply un-tag yourself, or ask your contact to take them down.

Alert of the Week

By the time you read this, there may or may not be word of a new economic stimulus payment for US citizens and residents.

Whether there is or not, beware of a fake IRS email asking for your bank account details so they can send money to you. That’s not how the IRS operates. They’ll either have your bank details already from previous filings or send you a check. They may send a letter, which you can double check with them, but they won’t email you.

Time to conclude for today — have a great week!