Thief stole Florida company’s domain and asked for 10 bitcoin ransom.
A thief stole a domain name from an online auto parts company and demanded 10 bitcoin to get the domain name back.
Florida company XPort Auto Parts, Inc. woke up in the middle of last month to find that its domain name XPortAutoParts.com had been stolen and transferred from GoDaddy to Reg.ru. It received a ransom email stating:
Your domains were taken by me and your empty GoDaddy account was closed. As a result, your business stopped working. Your shop is nothing if you don’t have your trusted domain name.
While you’re reading this EMail, you’re losing orders and AdWords money, cuz I turned off your ECommerce platform on your website as you can see.
You made 400k$ Gross for the past 6 months, so my price of this and all other domains is 10BTC. It’s not a big deal for you, because you [expletive] up and [expletive] up hard…
Ten bitcoin is about $100,000 USD. When XPort Auto Parts got its GoDaddy account back (but not the domain), the thief raised the price to 20 bitcoin.
XPort Auto Parts sued (pdf) in Florida court, and a judge there issued a temporary restraining order (pdf) that requires Reg.ru to transfer the domain back to the victim’s GoDaddy account. If Reg.ru does not compy within 24 hours, .com registry Verisign is ordered to comply. [Update: The domain is now back at GoDaddy as of 9/13.]
While the auto parts company will still have to litigate the matter, the legal strategy asking for a temporary restraining order and getting the domain back this quickly is something I haven’t seen in a while. Assuming Verisign views this as a valid court order, this was a shrewd move.
Why do these hijacked names always seem to end up in the .ru area…
At least as long as Verisign handles the .com namespace US court orders are easy to comply…
More often to China than Russia
Probably because the Chinese buy from the Russian hackers. Chinese are negligent on DD and these hijacked domains are often priced to sell.
24 hours? The slowpokes at Reg.ru can’t even provide a single response during this time frame. You have to wait for longer when you submit a support ticket and the phone support is close to nonexistent. This whole thing is too cruel towards them. They are going to get hurt not because they are unwilling to cooperate, but just because.
Registrars that don’t comply and the last theft of domains should be closed down by the central registry and lose all of their business in the country of origin
How can a hacker steal/transfer a name from go Daddy? Do they figure out the password? Doesn’t go Daddy automatically email the registered owner?.
What’s the best way to protect yourself?
A lot of times they will crack your email. Other times, if you use the same password at other sites that have been compromised, they’ll use that.
The best way to protect yourself is to use a unique password and two-factor authentication, both with your email provider and registrar.
Seems you don’t much about the domain names. Domain password is not the password you can set and it is always unique for each one
Who said something about a ‘domain password’? I’m talking about the password you use to log in to your account.
These are scammers. Read about them in the comments. They bill 70 times more. And as a result, you are without a site. Or, if you do not register immediately, after a while you will buy a domain more expensive.
I can not attach a screenshot of this site. But Godaddy works like that in Russia. And pays huge taxes in Arizona)) The poor feed the rich))
My law firm handled this case, we got the domain back.
Better approach is to immediate file a UDRP. It immediately locks the domain – same as a TRO but no need to prove anything. Then if needed proceed with litigation – much more expensive but needed perhaps if NS has been changed.
But they got it back within about a week, and the court ordered Verisign to transfer it…so wouldn’t matter much if they moved the domain elsewhere.
Anything.ru is like advertising that you have oceanfront property in Arizona.