A new wave of bitcoin ransom scam has been reported which targets website owners by claiming their sites to be hacked and asking 1500 - 3000 USD worth of bitcoins.
Scammers push a narrative that the database of the website has been extracted and if the owner of the site does not cooperate, they will either leak or sell the database to the highest bidder.
Additionally, they threaten to use black-hat SEO techniques to ruin the website rankings to destroy the reputation of the victim in the eyes of Google and its customers.
They provide no proof of their claims and refuse to reply to any emails to make this not negotiable.
"We have hacked your website and extracted your database."
This claim is definitely worrisome for those who actually have a website. On the other hand, we have many examples of people receiving the exact email, even without owning any domain or a website.
Ask yourself, is there any proof of these claims? Does that email contain any information that could indicate that the website is compromised and that the database breached? What kind of information is there in the database? Does it even have a database?
Critical questions as such often give you a quick reality check if this is something you should worry about.
Don't pay the ransom
Paying ransom even when your hard-drive is fully encrypted due to ransomware is a bad idea. As long as people pay the ransom, such as scams and ransomware malware just continues to evolve.
Unfortunately, looking at the different bitcoin wallets linked to these attacks there have been at least 5 people who have fallen to the scam and paid the ransom.
One of the wallets linked to the attack has received close to $2000 worth of payments in bitcoins. Another wallet used in this scam has not yet received payments but has already been reported for abuse 81 times.
It's a scam
Be very skeptical about all ransom emails and about this bitcoin ransom scam. Similar scams have been used to trick people into believing they have been recorded behind the computer.
Sometimes even their passwords are shown and the passwords are shown as proof (in which cases they just use already existing database leaks to scam people who have been affected).
If you're still afraid and not sure what to do. Write to the most IT knowledgable person you know to double-check.
Here's the full bitcoin ransom scam email:
PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!
We have hacked your website and extracted your databases.
How did this happen?
Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server.
What does this mean?
We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your site was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets.
How do I stop this?
We are willing to refrain from destroying your site's reputation for a small fee. The current fee is $2000 USD in bitcoins (BTC).
Send the bitcoin to the following Bitcoin address (Copy and paste as it is case sensitive):
Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment within 5 days after receiving this notice or the database leak, e-mails dispatched, and de-index of your site WILL start!
How do I get Bitcoins?
You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM. We suggest you https://cex.io/ for buying bitcoins.
What if I don’t pay?
If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, there’s no countermeasure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers.
This is not a hoax, do not reply to this email, don’t try to reason or negotiate, we will not read any replies. Once you have paid we will stop what we were doing and you will never hear from us again!
Please note that Bitcoin is anonymous and no one will find out that you have complied.
Stay sharp and stay safe!
How can Patchstack help you to protect your websites?
- Get automated fixes for vulnerabilities before they are exposed to the world.
- Gain an overview of blocked threats and attacks against your websites.
- Patch the main risk for website security - the plugin vulnerabilities.
- Identify vulnerable plugins and know which ones should be updated.
- No hassle 1-minute setup.
Try Patchstack now, cancel anytime, 30-day money-back guarantee.