I recently helped out a site owner who’d been sent an email that said something along the lines of the following (I’m paraphrasing here, but you’ll get the gist):
We [insert hacker team name] have chosen your website for our next DDoS attack. Your site has been hacked and your data is no longer secure. We have your address, credit card details, DNA, medical records, etc. We will publish information to damage your business and attack your servers unless you pay us [x] bitcoins. This attack will start on [insert date within 48 hours of email]. If you do not pay we will destroy your reputation and your website will remain offline forever. There is nothing you can do to prevent this. This is not a hoax. Payment details are as follows, etc.
Receiving an email like this can be extremely unsettling for a business owner.
If you have received anything along these lines it’s easy to immediately assume that you’ve been targeted and your whole online presence is under threat.
What should you do if you receive a threatening email?
1. Don’t panic
Bad decisions for both you and your business are always more likely when you are under stress, as stress stops you from thinking clearly. Take a deep breath, calm the fear, and don’t assume that your website is literally about to disappear forever.
2. If you have a managed hosting plan, or a maintenance plan with a web developer, contact them first.
They will be able to check the integrity of your site, recent logins under valid usernames, and perform the necessary scans and checks to ensure your website is sound. Forward the text of the email to them so they know what has been said.
3. If you manage your site yourself
Notify your hosting company – they will appreciate the email being forwarded to them in its entirety, as the raw headers will provide some indication of the origins of the email. You should also run a scan on your website – Gravityscan is a great tool for this. If you don’t already use it, there is an essential plugin called Wordfence that you should definitely have installed on your WordPress site. Are your passwords complex enough? Dictionary word-based passwords don’t stand up to brute-force attacks (repeatedly trying combinations of words and/or numbers), and you should make sure your WordPress login and hosting/FTP login are not based on them. If in doubt, change them. I use 1Password to manage all my logins, which means I can use very complex passwords without having to remember them or write them down.
4. Have you received any kind of preliminary attack?
Almost all companies that have received emails like this have not experienced any downtime beforehand. If a hacker is serious, they will certainly let you know by displaying their ability to attack your site up front. Or they may include sensitive information in the email that proves they have access to your records. If this IS the case, in addition to contacting your host you should also report this crime to the relevant authority – in the UK it’s the Cyber Crime Reporting Centre.
5. Do not reply to the email
Whatever you do, do not reply. There is no conversation you can have with either a real hacker or a spammer that is going to help you.
6. Do not pay
This is probably the most important one. Believe it or not, huge sums have been paid to spammers by businesses afraid for their reputation and online presence. Most of these emails are complete fabrications, and there are many poor businesses out there who have paid someone simply because they received a scary email that probably also went to 1,000 other recipients. Even if the email appears to be genuine – do not pay. Report the crime, lock down your systems and face the music. Some of the biggest companies have had their data compromised (Yahoo, Adobe). If you pay once, what’s to stop them asking you for money again?
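Step 3 notes that the raw headers of the forwarded email give some indication of where it came from. As an added example (not part of the original article), the Python below pulls the relay chain, the SPF/DKIM/DMARC verdicts and the sender domains out of a raw message; the sample message, its addresses and the function name summarize_headers are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (documentation-range IPs, reserved example domains).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
Received: from relay.example.net (relay.example.net [203.0.113.45])
\tby mx.example.org with ESMTP id abc123; Mon, 01 Jan 2024 10:00:05 +0000
Received: from unknown (HELO pc) (198.51.100.7)
\tby relay.example.net with SMTP; Mon, 01 Jan 2024 10:00:01 +0000
From: "Hacker Team" <security@example.com>
Reply-To: pay-us@example.net
To: owner@example.org
Subject: Your site has been chosen

Pay us [x] bitcoins.
"""

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
VERDICT_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")

def summarize_headers(raw):
    """Return relay hops, authentication verdicts and sender domains."""
    msg = message_from_string(raw)

    def domain(header):
        # Domain part of the address in a header, or "" if the header is absent.
        return parseaddr(msg.get(header, ""))[1].rpartition("@")[2].lower()

    hops = []
    # Received headers are prepended, so the first one is the newest. Only hops
    # added by your own mail server are trustworthy; earlier ones can be forged.
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        ip = IP_RE.search(flat)
        by = re.search(r"\bby (\S+)", flat)
        hops.append({"ip": ip.group(1) if ip else None,
                     "by": by.group(1) if by else None})
    auth = " ".join(msg.get_all("Authentication-Results", []))
    return {"hops_newest_first": hops,
            "auth": dict(VERDICT_RE.findall(auth)),
            "from_domain": domain("From"),
            "return_path_domain": domain("Return-Path"),
            "reply_to_domain": domain("Reply-To")}

if __name__ == "__main__":
    for key, value in summarize_headers(SAMPLE).items():
        print(key, "=", value)
```

A failed SPF or DMARC verdict, or a From domain that differs from the Return-Path and Reply-To domains, is the kind of detail your host will look for when you forward the message with its headers intact.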
I hope if you have received an email like this that I’ve managed to set your mind at rest. For most small to medium businesses it simply isn’t worth the computing power to target them. It’s one of the occasions where you can be thankful that your business hasn’t grown to behemoth proportions!
Stay safe online, and remember: always use complex passwords!