With the latest Sextortion campaign still in the wild, a couple of us at the ISC decided to try to follow the money. Starting very early in the campaign, we started collecting Bitcoin addresses from the sextortion emails and, using the blockchain.com API Didier used in his diary, all it took was a simple script to be able to monitor payments coming into the BTC addresses associated with this campaign. Initially I was just interested in how long after the campaign began would the bad guys move the money out of these addresses, but it soon became obvious there was much more to be gleaned from this data.
Article Link: https://isc.sans.edu/diary/rss/23922