Story of a hack on Instagram and ransom in bitcoin
Last weekend, the CMO and social media manager of The Cryptonomist, Ilaria Stirpe, was the victim of a hack that took her off her Instagram profile (ilifestyleme) and received a ransom demand in bitcoin.
We are sharing this story because we hope it will help others who have found themselves victims of these blackmail attempts. For it is indeed blackmailing.
It all started on a Saturday evening, April 3rd, the eve of Easter. At 8:30 PM, Ilaria received a private message on Instagram. She opened the app, went to the direct messages section and saw that the sender was Instagram itself, which was notifying her of a violation of the publication policy. The text contains a link to which she can appeal to prove that her posts did not violate the community’s guidelines. In addition, the message she received ended with a text that seemed reminiscent of copyright. It all seemed legitimate, but instead, it was a ”phishing” attempt, only it did not exploit the e-mail but a social network.
The hack on Instagram and the ransom in bitcoin
Ilaria didn’t fall for the trap straight away. She took her time, did some research and saw that this was indeed how Instagram communicated violations to its users. She clicked on the link in the message, which led to a login page. Ilaria started entering her credentials, and that was the mistake the hacker was waiting for. Because from that moment on, Ilaria starts receiving notifications from Instagram about suspicious accesses. Despite several attempts to block the hacker, the impostor eventually prevailed: Ilaria found herself literally kicked off her Instagram profile and at the same time received a notification that the email associated with her account had also been changed. In record time.
Ilaria Stirpe is also a fashion blogger. Her profile boasts 24,000 followers and collaborations with numerous fashion and cosmetics brands. It goes without saying that a violation of her account would be extremely damaging to her.
Already in a state of panic, a few minutes later she received a WhatsApp message from an unknown number with the international dialling code +7. The message contains a photo: it is a screenshot of her Instagram account, bare, with no more posts and no indication of followers or followings. And the text goes something like this:
“I think this is your account”.
A conversation via WhatsApp begins. The hacker introduces himself as a “pirate” and asks for a ransom: 150 euro in bitcoin, also providing the address and giving the guarantee that once paid, she will get her account back. Ilaria stalls.
How to react to a hacker attack
Now, we decided to tell this story partly because of the amount that was demanded as ransom. 150 euro is not an excessive expense. The temptation to pay and regain possession of one’s account is irresistible to anyone. But one should not give in to blackmail and Ilaria did not yield. Between paying and denouncing, Ilaria chose the second path.
The first step was to make a phone call to the postal police, which in Italy is responsible for collecting reports of computer crimes. The second step was to look for help on the web, where, at 3 AM, she found a video of a YouTuber recounting a similar scam. The difference is that in this case the victim paid, did not get her account back, and the hacker even raised the ransom demand. Increasingly convinced that paying won’t do any good, Ilaria followed the YouTuber’s instructions and sought assistance from Instagram.
At this point, we will let Ilaria Stirpe have a word:
“There are two ways to be able to regain control of the account. The first is by using another person’s account: by going into the settings you report a problem through a comment that allows you to insert images as attachments. Since I have a personal profile, a closed account, I reported the problem by attaching screenshots and contact requests. Meanwhile, through the video, I realized that there is another way. After logging out of your account, there is a sentence written under the login ID bars that shows a query that says: ‘If you need assistance click here’. This opens a contact portal where you can report a problem that leads to an inability to log in, whether it’s a lost password or a profile breach due to a hacker”.
Ilaria fills in the form, describes what happened, and sends the request. And she goes to sleep.
The next day, Facebook (which also owns Instagram) had already taken up her case. Ilaria recounts:
“Facebook’s support was fast. They asked me to write a complaint by email summarizing what had happened, including screenshots. I did so, and 24 hours later Facebook wrote to me again, indicating the procedure to follow: I had to send a selfie with a sheet of paper in my hand with my name and surname and a code that appeared in the email to verify that it was me who had requested to regain possession of my account. I take the selfie, send the photo, and promptly FB sends me a link to reset my password, re-enter my username and the email associated with my account. Through this process, which demonstrates fast and proactive customer service, I was able to regain possession of my account.
Without paying a cent. All this happened while the hacker continued to send her a barrage of messages, asking her to pay or say goodbye to her Instagram profile for good. A psychological pressure that was difficult to handle. Ilaria Stirpe recounts:
“I decided to disclose my experience because many people are pressured into paying these ransoms. I wanted to inform the community that it is possible to use customer service and quickly regain possession of your profile. We would therefore urge you not to be tempted by this, even if you have a business account. Because you can get your profile back within a few days without paying”.
The best way is therefore not to pay, even if the amount is small, but to contact customer support and, of course, to report, even under pressure:
“Be careful not to fall into blackmail, because these people are looking to commit psychological violence, they are constantly writing that you have to pay: it is a technique that makes sure that you don’t have the time to psychologically think about how to take action and in total desperation, you decide to deprive yourself of a sum of money that is easily sustainable. The problem is that the hackers do not return the accounts but keep asking for more money”.
Unfortunately, the security problems of social networks do not end there:
“According to research, Facebook has been under hacker attack since January and therefore many user profiles’ data from all over the world have been breached. That’s why my advice is to install security systems such as 2FA, which gives you a greater measure of protection from unknown access”.
We have covered ransomware, phishing cases and various scams demanding bitcoin several times on The Cryptonomist. Ilaria Stirpe’s story is but one in a sea of fraudsters who think they can get away with hiding behind an anonymous number and a bitcoin wallet.
If you ever find yourself in this situation, remember:
- do not pay;
- contact customer support;
- contact the authorities.