Website owners are being targeted with extortion attempts seeking a bitcoin payment of $1,500 – $3,000 in order to avoid having their sites’ databases leaked or sold. These messages also threaten to:
- email all associates and customers in an effort to inflict reputational damage.
- de-index sites from search engines using Black Hat SEO (Search Engine Optimization) techniques.
Malicious actors claim that they are able to take these actions via an exploited vulnerability found in the sites’ software, allowing them to harvest credentials and exfiltrate the databases to attacker-controlled servers. However, scammers have failed to provide proof that data has been exfiltrated. Hence, these messages appear to be part of an extortion campaign, which is widely distributed via phishing messages.
The following is an excerpt from a phishing message in this campaign:
Recipients of these messages are advised not to pay the ransom. Please note that bitcoin addresses embedded in messages may be searched at https://www.bitcoinabuse.com/reports for fraud or extortion reports. Additionally, scams can be reported to the FBI Internet Crime Complaint Center (IC3).
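For triage of a reported message, the sketch below pulls candidate bitcoin addresses out of the message text and keeps only those that pass the Base58Check checksum, so that only well-formed addresses are looked up or included in a report. It is an added example, not part of the original advisory; it covers legacy addresses (starting with 1 or 3) only, the function names are hypothetical, and the sample message and address are constructed.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy addresses start with 1 (P2PKH) or 3 (P2SH); bech32 "bc1..." is out of scope here.
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def _checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload):
    """Used only to build the constructed sample address below."""
    raw = payload + _checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58decode(s):
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(s) - len(s.lstrip("1"))) + body

def is_valid_legacy_address(s):
    try:
        raw = b58decode(s)
    except ValueError:
        return False
    # 1 version byte + 20-byte hash + 4-byte checksum
    if len(raw) != 25 or raw[0] not in (0x00, 0x05):
        return False
    return _checksum(raw[:-4]) == raw[-4:]

def extract_addresses(text):
    """Return checksum-valid addresses in order of first appearance, de-duplicated."""
    found = []
    for cand in CANDIDATE.findall(text):
        if is_valid_legacy_address(cand) and cand not in found:
            found.append(cand)
    return found

# Constructed sample: the address encodes a dummy hash (0xAB * 20), not one from the campaign.
SAMPLE_ADDRESS = b58check_encode(b"\x00" + b"\xab" * 20)
SAMPLE_MESSAGE = f"Pay to {SAMPLE_ADDRESS} within 5 days.\nWallet: {SAMPLE_ADDRESS}"

if __name__ == "__main__":
    print(extract_addresses(SAMPLE_MESSAGE))
```

A string that matches the pattern but fails the checksum is usually a mistyped or truncated address and will not return useful results in a report search.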