An unidentified hacker has hijacked a domain name from XPort Auto Parts, a Florida-based online auto parts company, closing its hosting provider’s account and demanding 10 Bitcoins (BTC) from the victim to get the domain name back.
According to the legal documents, XPort Auto Parts, Inc. obtained a temporary restraining order preventing the domain name xportautoparts.com from being transferred from its current host.
The company received a ransom email sent by the unknown financially-motivated hacker:
The hacker gave XPort Auto Parts, Inc. 48 hours to pay the ransom fee. One Bitcoin in mid-August was worth approximately $10,000 (USD). At the time, ten Bitcoins were worth roughly $100,000 (USD).
The domain name was initially hosted on GoDaddy US servers, but the hacker transferred the domain to the Russia-based domain name registrar and hosting provider Reg.ru. Presently, the server location of the domain name is Russia.
Domain Whois records indicate that the registered address of the unidentified hacker or group of hackers that stole the domain name is in the United States. However, this address is unlikely to be genuine, since the hacker may have used a stolen identity to obscure their own.
The Bitcoin ransom note shows that the hacker clearly conducted reconnaissance on the Florida-based online auto parts company prior to hijacking the e-commerce domain. For instance, the unknown hacker revealed that between February and August 2019, the company had made roughly $400,000.
The hacker has implied that XPort Auto Parts, Inc. was not their only victim, indicating that the average Bitcoin ransom rate is roughly 25% of gross sales.
In contrast with ransomware attacks where hackers point to relevant resources that the victims might utilize to obtain a primer on using Bitcoin, this hacker evidently understood that the target was cryptocurrency-savvy as they referred to the victim’s Binance cryptocurrency exchange account in the Bitcoin ransom note.
The online auto parts company did not pay the hacker and ultimately requested the assistance of GoDaddy, managing to get the hosting account back successfully. Nevertheless, the domain name remained in the hacker’s possession.
Accordingly, the hacker reduced the time within which the Bitcoin ransom had to be paid to 24 hours. Moreover, the hacker wanted to raise the ransom fee to 20 Bitcoins (BTC) if the victim did not contact the hacker by the deadline.
After six days, the Florida-based online auto parts company still had not paid the ransom, and the disappointed hacker expressed their discontent.