A popular horse racing website, Racingpulse.in, which operates out of Bangalore, India, was reportedly hacked on Tuesday. The hackers posted a statement on the home page saying that all the data on the website had been encrypted. As is the norm, they also stated what they expected as ransom: the note said payment was expected in Bitcoins, but it did not clearly disclose the amount.
The message also included an email address for further communication, which was registered at india.com. The hackers offered Racingpulse.in an unimaginable favor by providing, for free, the decryption key for a maximum of three files, which should not be more than 10 MB in size. This was probably done to prove that they did hack all the files on the site. The note read:
“All your files have been encrypted: All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail email@example.com, You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment, we will send you the decryption tool that will decrypt all your files. “Free decryption as a guarantee: Before paying you can send to us up to 3 files for free decryption. Please note that files must NOT contain valuable information, and their total size must be less than 10Mb.”
The hackers seemed rather concerned about laying the facts out plainly, which is why the ransom note also included a “How to obtain Bitcoins” section with detailed guidelines on which site to access, how to register, and how to buy bitcoins using a certain payment method. The message also contained a link to a beginners’ guide to Bitcoins.
“How to obtain Bitcoins: The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price. https://localbitcoins.com/buy-bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/”, the note added.
The ransomware used in this attack is a new version of the Dharma ransomware Trojan. In the ransom note, the hackers provided the email address firstname.lastname@example.org as a contact address for victims to communicate with them. According to security researchers, this new version of Dharma works just like the older version, relying on unsolicited emails. These emails contain social network logos, bank information, payment portals and an option to download and open a file.
According to the website’s editor Sharan Kumar, this is the third hack attack suffered by Racingpulse.in within a week. The previous two attacks were countered by using backup files, said Kumar.
Kumar also revealed that the website’s servers are located in the USA, but the never-ending hacking spree proves that the internet is not safe anywhere. “We have now decided to move to another server in the hope of better security; it may take a day for the site to be up and running,” revealed Kumar.
At the time of publishing this article, the targeted website was down. If your website or servers are infected with ransomware, don’t forget to contact the ‘No More Ransom’ anti-ransomware portal, which was developed to unlock victims’ files for free.