“We Have Hacked Your Website and Extracted Your Databases” Email Scam: Comprehensive Guide to Stay Safe Online

In the digital age, cybersecurity threats loom larger than ever, with email scams being one of the most prevalent methods used by cybercriminals to exploit vulnerabilities. A particularly menacing scam that has emerged involves a threatening email claiming, “We have hacked your website and extracted your databases.” This guide will delve into what this scam entails, how to avoid falling victim to it, how spam campaigns infect computers, and provide actionable tips to block scam websites and enhance your online safety.

Example of a threatening email scam claiming to have hacked a website and extracted databases, demanding ransom in bitcoins.

What is the “We Have Hacked Your Website and Extracted Your Databases” Scam?

The scam unfolds through an email alleging that the recipient’s company website has been hacked, and the databases have been stolen. The scammers threaten to leak or sell the extracted data unless a ransom, typically demanded in bitcoins, is paid within a specified timeframe. The email is crafted to instill panic, urging immediate action to prevent reputational damage and financial loss.

Text of the Scam

The scam email usually starts with a directive to forward the message to someone in the company capable of making crucial decisions. It details how the scammer exploited a vulnerability in the website to extract database credentials and threatens to damage the company’s reputation by leaking data, emailing stakeholders about the breach, and using blackhat techniques to de-index the site from search engines. A ransom in bitcoins is demanded to prevent these actions.

Some of our users reported receiving a “We have hacked your website and extracted your databases” scam email with the following message:

PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!
We have hacked your website – and extracted your databases.
How did this happen?
Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server.
What does this mean?
We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your – was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets.
How do I stop this?
We are willing to refrain from destroying your site’s reputation for a small fee. The current fee is $1500 in bitcoins (BTC).
Please send the bitcoin to the following Bitcoin address (Copy and paste as it is case sensitive):
1JToMSCtc4nW3fNDUL4xV9QYqmyKJEYMdj
Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment within 5 days after receiving this e-mail or the database leak, e-mails dispatched, and de-index of your site WILL start!
How do I get Bitcoins?
You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM. We suggest you to start with localbitcoins.com, paxful.com or do a google search.
What if I don’t pay?
If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, there’s no counter measure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers.
This is not a hoax, do not reply to this email, don’t try to reason or negotiate, we will not read any replies. Once you have paid we will stop what we were doing and you will never hear from us again!
Please note that Bitcoin is anonymous and no one will find out that you have complied.

How to Avoid the Scam

  1. Verify the Threat: Before taking any action, verify the legitimacy of the threat. Consult with your IT department or a cybersecurity expert to check for any actual breach.
  2. Educate Employees: Awareness is key. Educate your team about this scam and encourage skepticism towards alarming emails demanding money.
  3. Regular Security Audits: Conduct regular security audits of your website to identify and rectify vulnerabilities.
  4. Backup Your Data: Regularly back up your website data. In the event of a hack, this ensures you can restore your website without succumbing to ransom demands.
  5. Use Strong Passwords: Ensure that all accounts related to your website use strong, unique passwords and enable two-factor authentication where possible.

How Do Spam Campaigns Infect Computers?

Spam campaigns often use malicious attachments or links to infect computers. Opening an attachment or clicking on a link can install malware on your system, which could lead to data theft, ransomware attacks, or unauthorized access to your network. Cybercriminals use various tactics, such as phishing emails that mimic legitimate communications, to trick users into compromising their security.

Tips to Block Scam Websites and Enhance Online Safety

  1. Use Website Blockers: Employ browser extensions or software solutions that block known scam websites.
  2. Update Your Software: Keep all software, especially your operating system, browsers, and anti-virus programs, up to date to protect against known vulnerabilities.
  3. Enable Web Filtering: Use web filtering tools that prevent access to malicious websites and warn you about the safety of websites before you visit them.
  4. Educate About Online Scams: Continuously educate yourself and your team about new online scams and the importance of verifying information before taking action.
  5. Secure Your Network: Implement a secure firewall and consider using a VPN for added online privacy and security.

In conclusion, while the “We have hacked your website and extracted your databases” (or “Hacked your website”) email scam is designed to intimidate and extort, being informed, vigilant, and proactive in your cybersecurity practices can significantly reduce the risk of falling victim to this and other online scams. Regularly updating your security measures and fostering a culture of cybersecurity awareness within your organization are your best defenses against the ever-evolving landscape of cyber threats.

 

SUMMARY:

Name: “We Have Hacked Your Website and Extracted Your Databases”
Type: Trojan

Remove “We Have Hacked Your Website and Extracted Your Databases”

To try and remove “We Have Hacked Your Website and Extracted Your Databases” quickly you can try this:

  1. Go to your browser’s settings and select More Tools (or Add-ons, depending on your browser).
  2. Then click on the Extensions tab.
  3. Look for the “We Have Hacked Your Website and Extracted Your Databases” extension (as well as any other unfamiliar ones).
  4. Remove “We Have Hacked Your Website and Extracted Your Databases” by clicking on the Trash Bin icon next to its name.
  5. Confirm and get rid of “We Have Hacked Your Website and Extracted Your Databases” and any other suspicious items.

If this does not work as described please follow our more detailed “We Have Hacked Your Website and Extracted Your Databases” removal guide below.

If you have a Windows virus, continue with the guide below.

If you have a Mac virus, please use our How to remove Ads on Mac guide.

If you have an Android virus, please use our Android Malware Removal guide.

If you have an iPhone virus, please use our iPhone Virus Removal guide.


Some of the steps may require you to exit the page. Bookmark it for later reference.
Next, Reboot in Safe Mode (use this guide if you don’t know how to do it).

Step 1: Uninstall the “We Have Hacked Your Website and Extracted Your Databases” app and kill its processes

The first thing you must try to do is look for any sketchy installs on your computer and uninstall anything you think may come from “We Have Hacked Your Website and Extracted Your Databases”. After that, you’ll also need to get rid of any processes that may be related to the unwanted app by searching for them in the Task Manager.

Note that sometimes an app, especially a rogue one, may ask you to install something else or keep some of its data (such as settings files) on your PC – never agree to that when trying to delete a potentially rogue software. You need to make sure that everything is removed from your PC to get rid of the malware. Also, if you aren’t allowed to go through with the uninstallation, proceed with the guide, and try again after you’ve completed everything else.

  • Uninstalling the rogue app
  • Killing any rogue processes

Type Apps & Features in the Start Menu, open the first result, sort the list of apps by date, and look for suspicious recently installed entries.

Click on anything you think could be linked to “We Have Hacked Your Website and Extracted Your Databases”, then select uninstall, and follow the prompts to delete the app.


Press Ctrl + Shift + Esc, click More Details (if it’s not already clicked), and look for suspicious entries that may be linked to “We Have Hacked Your Website and Extracted Your Databases”.

If you come across a questionable process, right-click it, click Open File Location, scan the files with the free online malware scanner shown below, and then delete anything that gets flagged as a threat.

This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

After that, if the rogue process is still visible in the Task Manager, right-click it again and select End Process.

Step 2: Undo “We Have Hacked Your Website and Extracted Your Databases” changes made to different system settings

It’s possible that “We Have Hacked Your Website and Extracted Your Databases” has affected various parts of your system, making changes to their settings. This can enable the malware to stay on the computer or automatically reinstall itself after you’ve seemingly deleted it. Therefore, you need to check the following elements by going to the Start Menu, searching for them, and pressing Enter to open them and to see if anything has been changed there without your approval. Then you must undo any unwanted changes made to these settings in the way shown below:

  • DNS
  • Hosts
  • Startup
  • Task Scheduler
  • Services
  • Registry

Type in the Start Menu: View network connections

Right-click on your primary network, go to Properties, and do this:

Undo DNS changes made by “We Have Hacked Your Website and Extracted Your Databases”

Type in the Start Menu: C:\Windows\System32\drivers\etc\hosts

Delete “We Have Hacked Your Website and Extracted Your Databases” IPs from Hosts

Type in the Start Menu: Startup apps

Disable “We Have Hacked Your Website and Extracted Your Databases” startup apps

Type in the Start Menu: Task Scheduler

Delete “We Have Hacked Your Website and Extracted Your Databases” scheduled tasks

Type in the Start Menu: Services

Disable “We Have Hacked Your Website and Extracted Your Databases” services

Type in the Start Menu: Registry Editor

Press Ctrl + F to open the search window

Clear the Registry from “We Have Hacked Your Website and Extracted Your Databases” items
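
The Step 2 locations can also be listed in one pass for review. The PowerShell below is an added example, not part of the original guide: it only reads the DNS, hosts, startup, scheduled-task, service and registry settings. Checking the Run/RunOnce keys for the Registry step, and the filters used to shorten the task and service lists, are assumptions of this example rather than indicators of infection.

```powershell
# Read-only audit of the six Step 2 locations; nothing is changed or deleted.
# Run from an elevated PowerShell session on Windows 10/11.

# DNS: servers set on each adapter (compare with what your router or admin assigns)
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses

# Hosts: active (non-comment) mappings; the stock Windows file has none
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hostsPath |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
    Where-Object { $_ } |
    ForEach-Object {
        $ip, $names = $_ -split '\s+'
        [pscustomobject]@{ IP = $ip; Names = $names -join ', ' }
    }

# Startup: Startup-folder and Run-key entries as Windows reports them
Get-CimInstance Win32_StartupCommand | Select-Object Name, Command, Location, User

# Task Scheduler: enabled tasks outside \Microsoft\ (assumed filter) and what each launches
Get-ScheduledTask |
    Where-Object { $_.State -ne 'Disabled' -and $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object {
        [pscustomobject]@{
            Task    = $_.TaskPath + $_.TaskName
            Actions = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        }
    }

# Services: auto-start services whose binary path is outside the Windows directory (assumed filter)
Get-CimInstance Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' -and $_.PathName -notlike "*$env:SystemRoot*" } |
    Select-Object Name, DisplayName, State, PathName

# Registry: values under the per-user and machine-wide Run / RunOnce keys (assumed scope)
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item $key
    foreach ($name in $k.GetValueNames()) {
        [pscustomobject]@{ Key = $key; Name = $name; Value = $k.GetValue($name) }
    }
}
```

Anything the listing turns up is then reviewed and undone through the settings screens named in the steps above.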

Step 3: Remove “We Have Hacked Your Website and Extracted Your Databases” from your browsers

Delete “We Have Hacked Your Website and Extracted Your Databases” from Chrome

  1. Go to the Chrome menu > More tools > Extensions, and toggle off and Remove any unwanted extensions.
  2. Next, in the Chrome Menu, go to Settings > Privacy and security > Clear browsing data > Advanced. Tick everything except Passwords and click OK.
  3. Go to Privacy & Security > Site Settings > Notifications and delete any suspicious sites that are allowed to send you notifications. Do the same in Site Settings > Pop-ups and redirects.
  4. Go to Appearance and if there’s a suspicious URL in the Custom web address field, delete it.

Delete “We Have Hacked Your Website and Extracted Your Databases” from Firefox

  1. Open the Firefox menu, go to Add-ons and themes > Extensions, toggle off any questionable extensions, click their three-dots menu, and click Remove.
  2. Open Settings from the Firefox menu, go to Privacy & Security > Clear Data, and click Clear.
  3. Scroll down to Permissions, click Settings on each permission, and delete from it any questionable sites.
  4. Go to the Home tab, see if there’s a suspicious URL in the Homepage and new windows field, and delete it.

Delete “We Have Hacked Your Website and Extracted Your Databases” from Edge

  1. Open the browser menu, go to Extensions, click Manage Extensions, and Disable and Remove any rogue items.
  2. From the browser menu, click Settings > Privacy, searches, and services > Choose what to clear, check all boxes except Passwords, and click Clear now.
  3. Go to the Cookies and site permissions tab, check each type of permission for permitted rogue sites, and delete them.
  4. Open the Start, home, and new tabs section, and if there’s a rogue URL under Home button, delete it.


About the author

Valentin Slavov
