en
Back to the list

How to combat a password-leaking website without paying ransom

15 April 2018 21:00, UTC

The new ransomware website (URL unspecified because the media outlets posting reports care about the readers) is largely copying the popular Have I Been Pwned database. Leaked passwords are openly demonstrated, and the unknown owners demand cryptocurrency (BTC, BCH, ETH and other coins) in exchange for deletion.

The most obvious and efficient way to deal with this security breach is to immediately change the password on all jeopardized accounts — and to further ensure the safety of them, one should update security data on a regular basis. After this happens, the password leaking through various channels become obsolete and the efforts of criminals to get money will vanish.

This website, as suggested by other reports, has quickly installed a mining virus once the owners recognized the increase of its popularity. For unknown reasons, the search engine has also stopped working. Even despite the very probable closure of the malicious platform in the near future, other sites like this may appear later.

Originally, big lists of usernames and passwords are coming from Darknet marketplaces and torrents. This case is no different — as reported by security observers, the data posted on the website strikingly resembles one of such archives.