businesswoman-screaming-hysterically-computer-monitor-office-shocked-woman-financial-min

Beware new extortion scam that threatens site’s data and reputations, demanding Bitcoin ransom

A new extortion scam that is actively targeting website owners and administrators worldwide has been detected and reported by BleepingComputer.com

In this new scam, victims are receiving emails that say they have been hacked, alongside threats of leaking data, ruining reputations, and blacklisting if a ransom of $2500 in Bitcoin is not paid.  

Screenshot of the ransom email, read larger below:

Your website, databases and emails has been hacked

FORWARD THIS EMAIL TO THE PERSON WITHIN YOUR COMPANY WHO MAKES THE IMPORTANT DECISIONS

You may have noticed that we are using your company's server to send this message, we have hacked into your https://www.***.gov site and extracted all of your databases and backed up all of your mailboxes.

How did this happen?

Our team found several vulnerabilities within your website and company computers that we were able to exploit. After finding them, we were able to obtain their database credentials and extract their complete data from their computers, from their site and copies of all emails in all their mailboxes with ***.gov domain and finally we moved the information to a foreign server.

What does this mean?

We will systematically go through a series of steps to totally damage your reputation. First, your database will be leaked or sold to the highest bidder to be used for any purpose. Next, emails will be sent to all your customers, suppliers and business partners, stating that all of their information has been sold or leaked and your https://***.gov site was at fault for leaking the information and damaging the reputation of all your customers and providers. Lastly, any links you have indexed in search engines will be de-indexed based on the blackhat techniques we used in the past to de-index our targets, not to mention getting your business on every blacklist in the country.

How do I stop this?

We are willing to forget about destroying the reputation of your site and company for a small fee. The current fee is $2,500 USD in Bitcoins.

Send the amount in Bitcoin to the following address:

3Fyjqj5WutzSVJ8DnKrLgZFEAxVz6Pddn7

Once you have made your payment, we will automatically be informed of it. At the precise moment that you have read this message, you have a period of 72 hours to make the payment, or I guarantee that the reputation of your company will be completely destroyed. The proof that we have access and all your data is that this message has been sent using your company's servers.

How do I get Bitcoins?

You can easily buy bitcoins through various websites.

What happens if I don't pay?

If you decide not to pay, we will launch the attack after 72 hours and keep it until you do, there is no countermeasure to this, you will just end up wasting more money trying to find a solution. We will completely destroy your reputation with your customers, your suppliers, your partners, on google and the entire country.

This is not a hoax, do not try to reason or negotiate, we will not read any answers. Once you've paid, we'll stop what we were doing, we'll destroy all data taken from your site, your databases, your mailboxes, and you'll never hear from us again.

Keep in mind that the payment with Bitcoin is anonymous and no one will know that you have complied. The time is running.

FORWARD THIS EMAIL TO THE PERSON WITHIN YOUR COMPANY WHO MAKES THE IMPORTANT DECISIONS

You may have noticed that we are using your company’s server to send this message, we have hacked into your https://www.***.gov site and extracted all of your databases and backed up all of your mailboxes.

How did this happen?

Our team found several vulnerabilities within your website and company computers that we were able to exploit. After finding them, we were able to obtain their database credentials and extract their complete data from their computers, from their site and copies of all emails in all their mailboxes with ***.gov domain and finally we moved the information to a foreign server.

What does this mean?

We will systematically go through a series of steps to totally damage your reputation. First, your database will be leaked or sold to the highest bidder to be used for any purpose. Next, emails will be sent to all your customers, suppliers and business partners, stating that all of their information has been sold or leaked and your https://***.gov site was at fault for leaking the information and damaging the reputation of all your customers and providers. Lastly, any links you have indexed in search engines will be de-indexed based on the blackhat techniques we used in the past to de-index our targets, not to mention getting your business on every blacklist in the country.

How do I stop this?

We are willing to forget about destroying the reputation of your site and company for a small fee. The current fee is $2,500 USD in Bitcoins.

Send the amount in Bitcoin to the following address:

3Fyjqj5WutzSVJ8DnKrLgZFEAxVz6Pddn7

Once you have made your payment, we will automatically be informed of it. At the precise moment that you have read this message, you have a period of 72 hours to make the payment, or I guarantee that the reputation of your company will be completely destroyed. The proof that we have access and all your data is that this message has been sent using your company’s servers.

How do I get Bitcoins?

You can easily buy bitcoins through various websites.

What happens if I don’t pay?

If you decide not to pay, we will launch the attack after 72 hours and keep it until you do, there is no countermeasure to this, you will just end up wasting more money trying to find a solution. We will completely destroy your reputation with your customers, your suppliers, your partners, on google and the entire country.

This is not a hoax, do not try to reason or negotiate, we will not read any answers. Once you’ve paid, we’ll stop what we were doing, we’ll destroy all data taken from your site, your databases, your mailboxes, and you’ll never hear from us again.

Keep in mind that the payment with Bitcoin is anonymous and no one will know that you have complied. The time is running.

BleepingComputer reports that the Bitcoin addresses used by the scammers look to have received some payments.  

They encourage everyone to realize that these are just scams and are mass emailed. Mark as spam and delete the emails if you receive any. Speak to your current or new IT Team about any threats that come through. Adopt best cybersecurity practices when using devices and utilizing the internet.

Worried your current or lack thereof of cybersecurity practices that may be putting you at risk? Click here to schedule a brief 10-minute call to discuss your situation, needs and concerns. If appropriate, we can conduct a simple security assessment for free to know for sure if your network and data is safe or call us at 646-374-1820.

Walter-Contreras