Criminals claim „Your site has been hacked“ and demand Bitcoins.

Blackmail by email has been on the rise the last couple of years. Every once in a while cybercriminals send these emails on a massive scale to all kinds of recepients and are claiming to have access to the computer, the email account, the webcam, etc.
For example, they claim they have found the computer user visiting erotic webseites and filmed him via webcam. For a payment of a certain amount Bitcoins, they would not reveal this embarrasing material to friends or the public.

An overview (in German) with a few examples you can find here.

Now there is a new variant of this blackmail scam.
Apparently website owner’s are being targeted. Cybercriminals claim they have hacked into the recipients website after a security vulnerability was found. Subsequently, accordung to the criminals, databanks were extracted and movesd to an „offshore server“. Furthermore, the reputation of the contacted company will be systematically destroyed if a certain amount (e.g. $3000) is not transfered in Bitcoins.

Example email (anonymised and re-translated from German)

Subject: Your site has been hacked

Text: Please forward the email to someone in this company who is allowed to make important decisions! We have hacked your website http://www.[…].de and extracted your databank.

How did it happen?
Our team had found a security vulnerability on your website that we took advantage of. After we found the vulnerability we were able to retrieve your login information for your databank, extracted it completely, and moved the information to an offshore server.

What does that mean?
We will systematically go through a number of steps to completely destroy your reputation. First, your databank will be leaked or sold to the highest bidder, who can use it at will. If emails are found, you will be notified via email that your information has been sold or leaked and your website http://www.[…].de has made a mistake, damaging your reputation and antagonising your customers / employees.
Finally, all links you have indexed in the search engines will be deindexed based on blackhat techniques we have used to in the past to de-index our targets.

How do I stop it?
We are prepared to not destroy your website’s reputation for a small fee. The current fee is .322 BTC in Bitcoins (3000USD). Send the Bitcoin to the following  Bitcoin address (copy and paste, as it is case sensitive) 1FjMYuEXXRSPbey42fRkHwLgH1yohE2PZF. Once you have paid, we will automatically be informed that it was your payment. Please note that you must make the payment within 5 days of recieving this notification, otherwise the database leak, the emails sent, and the de-indexation of your website will start!

How do I get Bitcoins?
You can easily buy Bitcoins from multiple websites or even offline at a Bitcoin ATM. We recommend https:// cex. io/ for purchasing Bitcoins.

What if I don’t pay?
If you choose not to pay, we will launch that attack on the date specified and continue until you comply. There is no countermeasure.You’ll just end up wasting more money trying to find a solution. We will completely destroy your reputation with Google and your customers.

This is not a joke. D not reply to this email. Do not try to argue or to negotiate. We will not read responses.

Once you pay, we will stop what we have done and you will never hear from us again! Pleases note that Bitcoin is anonymous and no one will find out that you complied to our demands.“

The examples sent to us so far suggest that the cybercriminals have sent these emails via the contact forms of the respective website. It is also conceivable thatthey were sent to email addresses found on the website.

So far we do not know of any actualexternal access to the websites. At the moment we assume that the cybercriminals are again sending out these false statements en masse, only in slightly altered form.

Important notice: Do not pay the demanded sum and do not try to make contact with the senders of those emails.
If you have already paid, we advise you to report the matter to your local police.

On a related note, however, we would like you to take a closer look at your CMS for the the respective website. An update (e.g. in WordPress) may be necessary to close known security holes.