Fake Ransomware Your Website has been Hacked

A fake ransomware scam goes around that targets website contact forms. It sends an email to the location owner with the topic “Your Site Has Been Hacked.” The body of the e-mail claims the hackers have exploited a vulnerability to realize access to the site’s database and “move the knowledge to an offshore server.” the e-mail threatens to ruin the location owner’s reputation by selling the site’s database, notifying customers that their information has been compromised, and de-indexing the location with search engines using blackhat techniques.

Within the past few weeks, website owners have reported having received this email on various support channels, including WordPress.org, StackOverflow, and Reddit. The sites in question haven’t been defaced, nor do they show the other evidence of tampering.

The Bitcoin Abuse Database has seen a surge of reports regarding this scam in May and June, logged under various Bitcoin addresses. The scammers send the e-mail out indiscriminately, even targeting sites that don’t have a database. Thus far the campaigns haven’t been very successful at convincing site owners to pay the ransom.


The Bitcoin Abuse Database advises visitors that extortion emails are 100% fake, and people who receive them shouldn’t pay ransoms.

If you or one among your clients receive an email like this, rest assured that it’s a scam that needs no action. If you would like to be extra cautious, you’ll change your passwords and use a security plugin to scan your files for changes. Otherwise, simply delete the email.

An example of this scam email is below for reference:


We have hacked your website [website URL] and extracted your databases.

How did this happen?

Our team has found a vulnerability within your site that we were ready to exploit. After finding the vulnerability we were ready to get your database credentials and extract your entire database and move the knowledge to an offshore server.

What does this mean?

We will systematically undergo a series of steps of totally damaging your reputation. First, your database is going to be leaked or sold to the very best bidder which they’re going to use with whatever their intentions are. Next, if there are e-mails found they’re going to the e-mail that their information has been sold or leaked and your site [website URL] was guilty thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly, any links that you simply have indexed within the search engines are going to be de-indexed based off of blackhat techniques that we utilized in the past to de-index our targets.

How do I stop this?

We are willing to refrain from destroying your site’s reputation for a small fee. The present price is USD 2000 in bitcoins (BTC).

Send the bitcoin to the subsequent Bitcoin address (Copy and paste because it is case sensitive):


Once you’ve got paid we’ll automatically get informed that it had been your payment. Please note that you simply need to make payment within 5 days after receiving this notice or the database leak, e-mails dispatched, and de-index of your site WILL start!

How do i buy Bitcoins?

You can easily buy bitcoins via several websites or maybe offline from a Bitcoin-ATM. we propose you https://cex.io/ for purchasing bitcoins.

What if I don’t pay?

If you opt not to pay, we’ll start the attack at the indicated date and uphold it until you are doing, there’s no countermeasure to the present, you’ll only find yourself wasting extra money trying to seek out an answer. We’ll destroy your reputation amongst google and your customers.

This is not a hoax, don’t reply to the present email, don’t attempt to reason or negotiate, we’ll not read any replies. Once you’ve got paid we’ll stop what we were doing and you’ll never hear from us again!

Please note that Bitcoin is anonymous and nobody will determine that you simply have complied.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.