My website was hacked and ask for money

April 28, 2019 1.5k views
DigitalOcean Ubuntu 18.04

Hi 27/04/2019 i was hacked on internet from this gmail account zhieend@gmail.com, i dont know where to write for help so i found complaint.ic3.gov to report this hacker and find some help because DO is off dont helping.

Luçifeàr
zhieend@gmail.com
Header email
WRONG DECISION

Email
Have control of my droplet website 27/04 changed my emails, instagram, website all
We will leak and publicity your database on pastebin and smillar service if you don’t pay us $100 within 24 hours.
I responded to the email and Now i have received this email from the hacker
BTC : 1M8kz7cH23W1Uu71BfvwAgaRF7Ha5bXvNZ
PERFECT MONEY : U17639403
I cant delete the droplet i have clients what to do. Any recommendation pls..

1 comment
4 Answers
  1. Do you have a backup? If it’s not too old, restore the backup. Snapshot could be one option etc.
  2. You could use the services of sucuri or sitelock (check their websites and look for the “I was hacked” services or 911 as far as I know). It will be not cheap, but they could help.
  3. For the future, check out if you could migrate your clients to a droplet with Plesk - that you could get as a one-click app from the DO marketplace: https://marketplace.digitalocean.com/apps/plesk . It comes not only with many security features on all levels, but also for WordPress.
  4. In case you are using WordPress - make sure you keep your installations up2date, either through a tool like Plesk to automate it. But in general. :)

good luck!

if you have email back up. you can restore your websaite password from it.
for saite data you can restore it from your back up.

I don’t know why Digitalocena don’t help with this hacking email from today
I give you time 24hours from now to pay, if not I will publicity the database and make your server goes offline.

On Mon, Apr 29, 2019 at 1:21 AM Luçifeàr zhieend@gmail.com wrote:

Guys thanks 🙏 for your recommendations I will try all options yes I have backup but think he have full control over server.
Don’t know how find from where he are login.
Another question what’s pastebin he are threatening me whit pastebin ??

  • I don’t know why Digitalocena don’t help with this hacking email from today

    I can answer to that. It isn’t that we’re not sympathetic to the situation or anything like that. Rather, you have all of the resources to handle this in every way that it can be handled, and we have less of them. What we provide is root access to a server that you manage. If you upload a website that is vulnerable to compromise, or set a root password that someone else can get hold of, we do not stop you. These are the freedoms and responsibilities that exist when you have root access to a server.

    Anything that can be done at this stage will be personal to you. You can investigate logs, you can restore backups, you can secure your server. We cannot log in to your server for you, so we can do none of these things. You are 100% in control here and have all of the resources that exist. There is nothing that we, as your provider, can do for you that you cannot do for yourself.

    I hope that helps to understand the situation from our perspective.

The responsibilities is all yours! Digital Ocean only provided you droplet services.

There’s no good way dealing with hackers, If I were you I prefer to pay because he only ask for tiny money $100 not like ransomware hacker who usually ask for $10000.

By the way I saw recently this database leak like you said on pastebin https://pastebin.com/bSXdQZF2. Is this yours?

Always monitor your log access with tail -f, becareful because they can login to your server and destroy your important data.

I hope that helps

Have another answer? Share your knowledge.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!