Every email you receive saying your website has been hacked should be taken seriously, as there are many examples, such as Medibank, of the consequences of not taking it seriously.
But in this case I want to talk about an email, sent through the website's contact form, that I recently received requesting a bitcoin ransom. I have changed the website URLs to show that any website could receive this message:
PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!
We have hacked your website https://www.website.com and extracted your databases.
How did this happen?
Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server.
What does this mean?
We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your https://www.website.com was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets.
How do I stop this?
We are willing to refrain from destroying your site’s reputation for a small fee. The current fee is $3000 in bitcoins (0.14 BTC).
The amount(approximately): $3000 (0.14 BTC)
The Address Part 1: bc1qj9u7gmjk5kznnnjgs
The Address Part 2: fvs35fftmtfh7n6wk6jt2
So, you have to manually copy + paste Part1 and Part2 in one string made of 42 characters with no space between the parts that start with “b” and end with “2”; this is the actual address where you should send the money to.
Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment within 72 hours after receiving this message or the database leak, e-mails dispatched, and de-index of your site WILL start!
How do I get Bitcoins?
You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM.
What if I don’t pay?
If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, there’s no counter measure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers.
This is not a hoax, do not reply to this email, don’t try to reason or negotiate, we will not read any replies. Once you have paid we will stop what we were doing and you will never hear from us again!
Please note that Bitcoin is anonymous and no one will find out that you have complied.
So there are a number of reasons this is a lie and fake, but let's apply an approach that is reusable. The first step is to do a Google search on any unique text. In this case the bitcoin address is where I would start; if you google it you quickly see it appears on many websites, some of which are training material on spam emails. So we could stop there and say it is hoax spam.
Let's continue and assume Google didn't find anything, even after searching some other sentences or phrases, which would be the next step.
Reading on, it talks about the website's database and the emails it contains. This website is purely a public website with no client or customer information, so that doesn't make sense. As a precaution, this could be a good reminder to back up your website.
They talk about de-indexing the website. Why? If they are good at de-indexing, why did they need to hack the website? And if they are good at de-indexing, would it not be better business to offer their services to companies that have actually been hacked, to de-index the news from Google (companies do pay for this)? So this is strange.
Finally they say “this is not a hoax”. If anyone has to tell you to trust them, or that it is not a hoax, without providing evidence to support their claim, then it is a hoax.
So, with no actual evidence, this is a hoax message.
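The reusable approach above (search the unique strings, check whether the claims hold together, look for the absence of evidence) can be turned into a small triage script. The following is an added example and not tooling from this post: it reassembles the split-up address, checks that it is at least a well-formed bech32 string (a valid checksum proves only that the address is well-formed, not that the sender hacked anything), lists the strings worth pasting into a search engine, and tallies the hoax indicators the post calls out. The sample message is constructed from the email quoted above, with the post's placeholder URL.

```python
"""Triage helper for 'we hacked your website' extortion emails.

Added example, not tooling from the post. It automates the reusable steps the
post describes: pull out the unique strings worth searching for (the bitcoin
address above all), reassemble an address that was split into parts, check
that the address is even a well-formed bech32 string, and tally the hoax
indicators the post calls out. SAMPLE_EMAIL is constructed from the quoted
message; the URL is the post's own placeholder.
"""
import re

SAMPLE_EMAIL = """\
We have hacked your website https://www.website.com and extracted your databases.
The amount(approximately): $3000 (0.14 BTC)
The Address Part 1: bc1qj9u7gmjk5kznnnjgs
The Address Part 2: fvs35fftmtfh7n6wk6jt2
Please note that you have to make payment within 72 hours after receiving this message.
This is not a hoax, do not reply to this email, don't try to reason or negotiate.
Please note that Bitcoin is anonymous and no one will find out that you have complied.
"""

# --- bech32 checksum (BIP 173): tells a well-formed bc1q address from junk ---
BECH32_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
_GEN = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)


def _polymod(values):
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= _GEN[i]
    return chk


def bech32_valid(addr):
    """True if addr passes the bech32 checksum. bc1q... (segwit v0) addresses use
    constant 1; bc1p... taproot addresses use bech32m (0x2BC830A3) instead."""
    if addr != addr.lower() and addr != addr.upper():
        return False  # BIP 173 forbids mixed case
    addr = addr.lower()
    sep = addr.rfind("1")  # '1' never occurs in the data part, so this is the separator
    if sep < 1 or sep + 7 > len(addr) or len(addr) > 90:
        return False  # empty hrp, no room for the 6-char checksum, or too long
    hrp, data = addr[:sep], addr[sep + 1:]
    if any(c not in BECH32_CHARSET for c in data):
        return False
    expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    return _polymod(expanded + [BECH32_CHARSET.index(c) for c in data]) == 1


def reassemble_address(text):
    """Join 'The Address Part N: ...' fragments in numeric order."""
    parts = re.findall(r"Address Part\s*(\d+):\s*(\S+)", text)
    return "".join(p for _, p in sorted(parts, key=lambda p: int(p[0])))


# Hoax indicators the post points at, as (label, regex) pairs.
RED_FLAGS = [
    ("payment demanded in bitcoin", r"\bbtc\b|\bbitcoin"),
    ("short deadline", r"within \d+ hours"),
    ("asserts it is not a hoax", r"not a hoax"),
    ("forbids replying or negotiating", r"do not reply|negotiat"),
    ("promises that paying stays secret", r"anonymous"),
]


def triage(text):
    """Extract searchable indicators and hoax red flags from an extortion message."""
    address = reassemble_address(text)
    amount = re.search(r"\$[\d,]+\s*\([\d.]+\s*BTC\)", text)
    claim = re.search(r"^.*hacked your website.*$", text, re.M)
    flags = [label for label, rx in RED_FLAGS if re.search(rx, text, re.I)]
    # The post's key test: is any evidence of access offered at all?
    if not re.search(r"sample|attached|screenshot|table|column", text, re.I):
        flags.append("no evidence of access offered")
    candidates = (address, amount and amount.group(0), claim and claim.group(0))
    return {
        "urls": re.findall(r"https?://\S+", text),
        "address": address,
        "address_well_formed": bech32_valid(address) if address else False,
        "amount": amount.group(0) if amount else None,
        "search_terms": [t for t in candidates if t],  # paste each into a search engine
        "red_flags": flags,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EMAIL).items():
        print(f"{key}: {value}")
```

The search terms are meant for the manual Google step the post describes; the script only collects them. The checksum check is worth keeping because it costs nothing and catches messages where the "address" is not even parseable, but a well-formed address is no evidence of a breach, and the red-flag count, above all the lack of any proof of access, is what decides the triage.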
However, if you are not sure, feel free to get in contact with us so we can review the message, as we have seen many legitimate emails where the sender did hack the website and provided proof. In those cases we perform:
- an incident investigation to figure out what was breached
- a penetration test to identify how they gained access so it can be fixed