Original Release Date: 6/19/2020
A new extortion campaign has been observed targeting website owners. Scammers claim to have exploited a vulnerability found within the owner’s website and, using stolen credentials, hacked the website and exfiltrated data. The scammers threaten to leak the stolen database, destroy the website’s reputation, and de-index the site from search engines if the ransom, ranging from $1,500 to $3,000, is not paid. The scammers fail to provide proof that any data has been exfiltrated, leading researchers to believe that this is merely an extortion attempt and not legitimate. This phishing campaign is widely distributed and recipients are not limited to website owners, further implying that this is a scam. Scammers often use traditional extortion tactics, such as including in the email old passwords that were exposed in previous data breaches, to coerce victims into paying ransom demands.
The NJCCIC advises against paying any ransom as this does not appear to be a credible threat. Additionally, we suggest that users consider searching the embedded Bitcoin address at bitcoinabuse.com/reports for reported fraud or extortion. Further details can be found in the Bleeping Computer article.