The campaign "could be an attempt to ride the coattails of high-profile news stories and result in a higher likelihood of payment. Another trend we have seen over the past four months are a focus on sending these threats to financial institutions and large insurance providers," said Sherrod DeGrippo, senior director of threat research and detection at Proofpoint.
Proofpoint's analysis showed that the threatening emails are being sent by Fancy Lazarus to knowledgeable individuals within the targeted organizations.
"The emailed individuals also work in areas such as communications, external relations, investor relations. Additionally, extortion emails are often sent to email aliases such as help desk, abuse, administrative contacts or customer service," said Proofpoint.