Hello,

Unfortunately, your data was leaked in the recent hacking of Ashley Madison and I now have your information. If you would like to prevent me from finding and sharing this information with your significant other send exactly 1.0000001 Bitcoins (approx. value $225 USD) to the following address: 1B8eH7HR87vbVbMzX4gk9nYyus3KnXs4Ez [link added]

Sending the wrong amount means I won't know it's you who paid. You have 7 days from receipt of this email to send the BTC [bitcoins]. If you need help locating a place to purchase BTC, you can start here…..

The individual who received that extortion attempt — an Ashley Madison user who agreed to speak about the attack on condition that only his first name be used — said he's "loosely concerned" about future extortion attacks, but not about this one in particular. "If I put myself in [the extortionist's] shoes, the likelihood of them disclosing stuff doesn't increase their chance of getting money," said Mac. "I'm just not going to respond."

Mac says he's more worried about targeted extortion attacks. A few years ago, he met a woman via Ashley Madison and connected both physically and emotionally with the woman, who is married and has children. A father of several children who's been married for more than 10 years, Mac said his life would be "incredibly disrupted" if extortionists made good on their threats.

Mac said he used a prepaid card to pay for his subscription at AshleyMadison.com, but that the billing address for the prepaid card ties back to his home address. "So they have my home billing address and first and last name, so it would be relatively easy for them to get my home records and figure out who I am," Mac said. "I'll accept the consequences if this does get disclosed, but obviously I'd rather not have that happen because my wife and I are both very happy in our marriage."

Unfortunately, extortion attempts like the one against Mac are likely to increase in number, sophistication and targeting, says Tom Kellerman, chief cybersecurity officer at Trend Micro. Kellerman is convinced we'll see criminals leveraging the Ashley Madison data to conduct spear-phishing attacks aimed at delivering malicious software such as ransomware, a different type of extortion threat that locks the victim's most treasured files with a secret encryption key unless and until the victim pays a ransom (also in Bitcoins).

"There is going to be a dramatic crime wave of these types of virtual shakedowns, and they'll evolve into spear-phishing campaigns that leverage crypto malware," Kellerman said. "The same criminals who enjoy deploying ransomware would love to use this data."

"We may actually see spear-phishing campaigns against spouses of individuals who are involved in this, attacks that say, 'Hey, your wife or husband was involved in this site, do you want to see proof of that?'" And the proof, in this scenario, would be a booby-trapped attachment that deploys spyware or malware.

Mac says he doesn't regret the affair he had via Ashley Madison; his only regret is not finding a way to keep his home address out of his records on the site. "I regret using my home address and some of my personal information that Ashley Madison didn't take as good care of as they should have," he said. "But I really, I'm mad these hackers feel it's so important to force the hand of people that have a different outlook on life."

The Ashley Madison data has been leaked on various sites, but the data itself is not easily searchable by folks who aren't familiar with raw database files. However, several sites have since popped up that allow anyone to search by email address to find out whether that address had an account at AshleyMadison.com.

True, AshleyMadison.com did not always verify email addresses, but some of these AshleyMadison search services coming online will indicate whether the associated email address also has a payment record — a marker which could be useful to extortionists.

KrebsOnSecurity