Cybercrime and Dark Web Research / Extorters Going to Extort: This Time Other Criminals Are the Victims

Extorters Going to Extort: This Time Other Criminals Are the Victims

Extorters Going to Extort: This Time Other Criminals Are the Victims
Digital Shadows Analyst Team
Read More From Digital Shadows Analyst Team
October 26, 2017 | 3 Min Read

We are increasingly used to the tactic of extorting a company through the threat actor publicly releasing data. The recent HBO extortion attempt is a prime example, and actors like thedarkoverlord have also used this approach to a large extent. Digital Shadows has tracked well over 20 of darkoverlord extortion attempts since June 2016. The process is straight forward enough; acquire a company’s valuable data, threaten to release the data if a ransom is not paid, and then put pressure on the victim through sharing the data with journalists. But cybercriminals also face this risk themselves. In this case, a criminal marketplace is the victim of an extortion attempt. Is there any trust left in criminal marketplaces?

Extorters going to extort 1 

Fig 1 – An advertisement for basetools on another criminal forum


On October 24th, a user posted on Pastebin claiming to have accessed customer details and administrator accounts of Basetools, an online criminal marketplace. The user also claimed to have obtained personal details of the administrator and demanded $50,000 in ransom, or he would release further information and the dox of the administrator. The post threatened to inform law enforcement should the payment not be made. At the time of writing, the Basetools market was “under update ” and claimed it would be back in “a few days”.

Extorters going to extort 2 

Fig 2 – The message received when accessing Basetools on 25 October 2017


Basetools is a criminal marketplace that is often advertised within Russian-speaking criminal forums and marketplaces. The site allows vendors and buyers to trade credit card information, customer accounts, and spamming tools. The site claims to offer over 150,000 accounts, 20,000 tools and 24/7 support.

 Extorters going to extort 3

Fig 3 – A screenshot provided by the extortionist, claiming to show access to the admin support panel

 One motivation behind the threat is clearly financial, but that does not tell the entire story. The actor claims that the administrator of the site has been manipulating the vendors, creating false personas and falsely elevating those vendor profiles to the top of listings.


What’s the Impact?

For many years, the criminal marketplace – whether that is on the dark or deep web – has been the preserve of cybercriminals, allowing them to easily advertise and sell their illicit goods. However, this has experienced a significant shift in the past 4 months with the demise of AlphaBay and Hansa marketplaces.

We have previously forecasted the potential shift from centralized marketplaces to more decentralized models and the conditions that would have to exist for this to become a reality. The attempted extortion of Basetools, and in particular the allegations of a admin manipulating vendor ratings is yet another reason for cybercriminals to reconsider the idea of a centralized market. In a decentralized model, the risk of this occurring would be reduced.

While the conditions for a decentralized model taking the lead may not yet be there, this may take us one step further. In future posts, we’ll be looking at the recent adoption of the decentralized model and the implications of it.

Ukrainian-language Cybercriminal Platforms: A Gap In the Market?

Ukrainian-language Cybercriminal Platforms: A Gap In the Market?

September 21, 2021 | 7 Min Read

Most readers will be aware of the threat posed...
Building successful teams on the cybercriminal underground

Building successful teams on the cybercriminal underground

September 15, 2021 | 7 Min Read

We’ve all been socialized since childhood to...
AlphaBay’s Return: SWOT Findings

AlphaBay’s Return: SWOT Findings

September 9, 2021 | 14 Min Read

Hot on the heels of our recent blog titled...
The Never-ending Ransomware Story

The Never-ending Ransomware Story

August 31, 2021 | 10 Min Read

In the Never Ending Story, Bastian is drawn away...