The website of a Florida-based car parts dealer is currently out of service after a hacker hijacked the domain name and shuttered its hosting provider’s account to ransom it for Bitcoin. Per legal documents and a ransom note that was produced in court where the…
The website of a Florida-based car parts dealer is currently out of service after a hacker hijacked the domain name and shuttered its hosting provider’s account to ransom it for Bitcoin.
Per legal documents and a ransom note that was produced in court where the victim obtained a temporary order preventing the domain name from being transferred from its current host, the domain name of XPort Auto Parts Inc, xportautoparts.com was stolen on August 15th.
The domain name was hosted on GoDaddy servers but was transferred to a Russia-based domain name registrar and hosting provider Reg.ru by the hacker. The current server location of the stolen domain name is Russia.
Information obtained from website analysis tool Website Outlook shows that the registered address of the hacker or group of hackers that stole the domain name is in the U.S. This could be true or simply an attempt to obfuscate the real identity of the hacker by using a stolen identity for instance.
Before hijacking the domain name the hacker seemed to have gathered some inside information regarding the Florida online car parts dealer. In the Bitcoin ransom note the hacker disclosed that between February and August 2019, the business had generated revenues of approximately $400,000.
Consequently, the hacker who seemed to suggest that the car parts dealer was not his only victim hinted that the average Bitcoin ransom rate is approximately 25% of gross sales.
“You made 400k$ Gross for the past 6 months, so my price of this and all other domains is 10BTC.”
The Florida online car parts dealer was provided hours to make the payment. One Bitcoin in mid-August was priced roughly at $10,000.
Unlike other similar ransomware attacks where the hackers suggest resources that the victim could use to get a primer on using Bitcoin, this particular one was aware that the victim was cryptocurrency-savvy even going to the extent of mentioning the victim’s cryptocurrency exchange account:
I am sure you know what bitcoin is. I got all your information and every account. You got Binance (firstname.lastname@example.org:Jorge59****) so you should be familliar with crypto.
Unfortunately for the hacker, the online auto parts dealer failed to comply and instead sought the help of the hosting services provider managing to get the hosting account back. The domain name, however, remained in the hands of the hacker.
Consequently, the hacker halved the period by which the Bitcoin ransom would have to be paid to 24 hours. This was roughly seven hours after the first demand was made. The hacker also threatened to double the ransom if the new instructions were not complied with.
Six days later (144 hours) the Bitcoin ransom still hadn’t been paid and the frustrated hacker had been reduced to writing in all caps!
Update: The law firm representing the auto parts dealer, Recalde Law, has disclosed that XPort Auto Parts Inc got its domain name back within days of filing the lawsuit.
Last modified: September 17, 2019 3:24 PM UTC