badtouchyonqysm3.onion Equifax Hack Ransom Request Site

The alleged Equifax hackers have announced their ransom demand on the following website, hosted as a Tor hidden service on the darknet:

badtouchyonqysm3.onion – As gathered from the Tor Browser:

 EQUIFAX DATABASE Personally identifying information (included Social Security numbers, birth dates, addresses and driver’s license numbers) of more than 140 million people. More than 200000 credit card numbers.

 

 How can we verify that you have the information? Request a specific part or a specific data from an email that corresponds to Equifax and we will send it to you. We can also accept escrow from an unbiased third party (a hidden market).

 How much? Equifax executives sold 3 million dollars in shares taking advantage of their insider information after the attack. We believe that 600 BTC is a fair amount. Bitcoin If we do not receive the payment, the information will be published here on September 15th 4:00 pm UTC.

Contact Us Page:

 Contact Us Only questions of the managers and employees of Equifax will be answered. We will help you with your security after paying. We may change the email so save our PGP key.

The source code of the website contains the following statement:

 The synthesized database will be published on September 15. Contact me: pasthole@national.shitposting.agency

The ransom request requires payment of 600 BTC to:

Bitcoin Payment Address 17vkHnkXwYaSRiLipEWNWvNqPvC51ZBswy

 

The site may be hosted by onionsnjajzkhm5g.onion / dhosting4okcs22v.onion, a free Tor website hosting service. According to their records, the site was added to their list on the morning of September 8th. The SMTP (email) servers of the badtouch site point to dhosting4okcs22v.onion, but they may be using dhosting only as an email service.

INFO: Found SMTP Banner: 220 dhosting4okcs22v.onion ESMTP Postfix (Debian/GNU)
(f1f8f082294b8cabe944250a081f5e528cd8f251)

onionsnjajzkhm5g.onion Listing

 

The website seems to be using a template sourced from http://www.omnisourceit.com/nh_web_design_samples/guardian/guardian/

I’ve reached out to OmniSourceIT to see if they can provide further information on who may have downloaded the template.
