Update: Please send your material and findings, if any, to [email protected]
Early this morning (UTC), Hacked.com was the subject of a DDoS-based cyberattack designed to shut down the website in exchange for a payment of 2 bitcoins (approx. $648 USD).
An email came in from one of the extortionists who went by the name ‘Jon’ and carried the threat of contacting our advertisers to let them know the websites are down, if the payment wasn’t made within the hour.
To resolve the situation quickly, all we had to do was turn up our DDoS mitigation protection and both websites were back online.
In the email, ‘Jon’ said:
[Pay us now] or we will keep attacking your website, we have only used 20% of the machines we have enslaved by our Trojan
If you don’t pay us those 2 BTC today, you will have to pay 3 BTC tomorrow.
Presumably, the infected ‘machines’ being referred to are a part of a malicious botnet used for similar cybercriminal activity.
The bitcoin address mentioned in the email is:
The email in its entirety can be seen in the screenshot below:
Additional details from the email include:
Received: from mout.gmx.com ([184.108.40.206]:49517)
(envelope-from <[email protected]>)
for X; Mon, 23 Nov 2015 00:06:42 -0500
Received: from [220.127.116.11] by 3capp-mailcom-lxa08.server.lan (via HTTP);
Mon, 23 Nov 2015 06:06:04 +0100
Message-ID: <[email protected]mailcom-lxa08>
From: “Peter Evans” <[email protected]>
Bitcoin, Taken Advantage of by Cyber Criminals
Since Bitcoin is a decentralized ‘digital’ currency without the need for a banking or regulatory authority, cross-border payments are easily done using bitcoin. While the cryptocurrency undoubtedly represents a breakthrough in financial technology, it has also helped anonymous cybercriminals who seek ransom demands in bitcoin while possibly operating from a different continent entirely.
Hacked has previously reported on multiple incidents wherein cybercriminals chose to use Bitcoin for their misdeeds.
It is entirely likely that cable giant Comcast recently paid a bitcoin ransom in exchange for a darknet listing that hawked nearly 600,000 customers’ details.
Even Linux-powered websites were the targets of a ransomware called Linux.Encoder.1, with one victim detailing how the attack was carried out.
A Bitcoin Bounty from Hacked
We would need the following details:
- ID(s) of the extortionists
- Location (address)
- Similar attacks on other sites/companies
- Other relevant information
Send your material to [email protected]
Although the disruption lasted a few hours, both Hacked and CCN are back online and bolstered with increased security measures to block DDoS disruptions.
Featured image from Shutterstock.