Got an email "Your Site Has Been Hacked"

Hi guys. I received a scary email today informing me that my site was hacked by a team that found a vulnerability that they used to access my site database, extract it and upload it to an offshore server. I run a local business, my website is based on WordPress, and I don't keep any sensitive information other than the leads I received for my company's roofing services. Immediately after receiving this email, I checked the site, and it's working perfectly fine, so it's not destroyed. But I'm still worried that these guys got access to the database because they said they would send out messages to all my clients and do other things to destroy my reputation. They are asking for $3,500 (or 0.15 Bitcoin) in ransom. Their Bitcoin wallet: bc1qevg9dq38z0ez6ql7cqrzr879jzls3u978caqts

What should I do? 

Below is the full text of the letter:

Your Site Has Been Hacked


We have hacked your website and extracted your databases.

How did this happen?

Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server.

What does this mean?

We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your site was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets.

How do i stop this?

We are willing to refrain from going through with these actions for a small fee. The amount:  $3500 (0.15 BTC)

The Address Part 1: bc1qevg9dq38z0ez6ql7c

The Address Part 2: qrzr879jzls3u978caqts

So, you have to manually copy + paste Part1 and Part2 in one string made of 42 characters with no space between parts that start with «b» and end with «s» is, the actually address where you should send the payment. Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment within 72 hours after seeing this message or the database leak, e-mails dispatched, and de-index of your site WiLL start!

How do i get Bitcoins?

You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM.

What if i don’t pay?

if you decide not to pay, we will start the attack at the indicated date and uphold it until you do, there’s no counter measure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers.

This is not a hoax, do not reply to this email, don’t try to reason or negotiate, we will not read any replies. Once you have paid we will stop what we were doing and you will never hear from us again!

Please note that Bitcoin is anonymous and no one will find out that you have complied. Finally don't reply as this email is unmonitored.

Location: Hanstedt
Joseph Harisson 7 months ago

Hello Michael. Since January 15, 2023, our cybersecurity team has received several notifications from our partners about emails claiming that the site had been compromised. These emails stated that our partners' websites had a vulnerability and asked them to pay between $3000 and $3500 in bitcoins to keep the site's reputation intact. Our cybersecurity experts thoroughly checked these incidents and confirmed that this is just a scare tactic and the sites were not actually hacked.

The message is designed to trick site owners into paying to avoid leaking sensitive data or damaging their company's reputation. While the ransomware campaign may not pose an immediate danger, you need to take site security seriously.

Since your site is based on WordPress, it's important to update your WordPress core, themes and plugins with the latest security patches. However, there may still be undetected vulnerabilities for which no patches are available, so we at IT Companies Network highly recommend using web application firewalls and vulnerability scanners.
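An added example, not part of either post above: the letter splits its payment address into "Part 1" and "Part 2", so a mail filter that matches whole wallet strings never sees it. This Python sketch reassembles the fragments, checks the Bech32 (BIP-173) checksum so that only a real, reportable address is kept, and collects the pressure phrases. The function names, the phrase list and the sample message are assumptions made for illustration.

```python
import re

# Constructed sample: BIP-173's published test address split in two, not the page's wallet.
SAMPLE = """The Address Part 1: bc1qw508d6qejxtdg4y5r3
The Address Part 2: zarvary0c5xw7kv8f3t4
Pay within 72 hours or the de-index of your site will start. Do not reply."""

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"  # Bech32 data alphabet (BIP-173)
PART_RE = re.compile(r"Address\s+Part\s*(\d+)\s*:\s*([0-9a-z]+)", re.I)
PRESSURE_RE = re.compile(r"within\s+\d+\s+hours|do not reply|de-?index", re.I)

def _polymod(values):
    """BIP-173 checksum polynomial over 5-bit symbols."""
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk

def is_valid_bech32(addr):
    """True if addr carries a correct Bech32 checksum (not Bech32m)."""
    addr = addr.lower()
    sep = addr.rfind("1")
    if sep < 1 or sep + 7 > len(addr):
        return False
    hrp, data = addr[:sep], addr[sep + 1:]
    if any(c not in CHARSET for c in data):
        return False
    expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    return _polymod(expanded + [CHARSET.index(c) for c in data]) == 1

def reassemble_address(body):
    """Join numbered 'Address Part N:' fragments in order; None if fewer than two."""
    parts = sorted((int(n), frag) for n, frag in PART_RE.findall(body))
    return "".join(frag for _, frag in parts) if len(parts) >= 2 else None

def triage(body):
    """Summarise the indicators a mail filter or analyst would act on."""
    addr = reassemble_address(body)
    return {
        "address": addr,
        "valid_bech32": bool(addr) and is_valid_bech32(addr),
        "pressure_phrases": sorted({m.group(0).lower() for m in PRESSURE_RE.finditer(body)}),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A reassembled address with a valid checksum can be added to a mail-filter blocklist or included in an abuse report; one that fails the checksum is not a payable address.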
