Cyber Criminals Threaten DDoS Attacks

… And email demands payment or criminals will take companies and their websites offline

Various website and cybersecurity administrators received emails over the past few days demanding that they pay one-fifth of a Bitcoin (currently about $780) in exchange for not facing a Distributed Denial of Service attack that would make their sites inaccessible to the public.

The emails - sent by a party calling itself "Phantom Squad" - appears to have been sent to hundreds, if not thousands, of companies worldwide.

The email demands that the recipient "FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION!" and notes that the recipient's "network will be DDoS-ed starting Sept 30st 2017" if the firm does not satisfy the criminals' demand in advance.

It also notes that the price for terminating the attack once it starts will be 20 Bitcoin (about $78,000), going up by 10 Bitcoin ($39,000) per day until the fee is paid.

At this point, it is hard to know if the person or people behind the emails are the same as the party that launched various DDoS attacks in the past for which "Phantom Squad" has claimed responsibility. It could be the same party, or it could be someone leveraging the name to scare organizations into paying up.

In fact, anecdotally speaking, it seems that whoever is behind the present extortion attempts may not have the capabilities to deliver on his or her threat; typically, when someone threatens to carry out a DDoS attack, he or she will demonstrate possession of the relevant capabilities (by greatly increasing the traffic to the target site for a short period of time) before making a demand.
 
In the present case, however, the criminal(s) involved have apparently not demonstrated any prowess. Likewise, the lack of specific targets seems unusual for a DDoS threat. Furthermore, the present extortion email is not a new form of threat - it is similar in nature and content to prior threats, including some seen for several months last year that were signed by "Armada Collective."

That said, there have been criminal groups (for example, DD4BCm) that did follow through on threats of an attack when extortion demands were not met.

What should you do if you received the email?

Do not pay the criminals anything!

As alluded to above, there is good reason to believe that you will not suffer any adverse consequences: the threats have been sent to an unusually large number of unrelated parties and the criminals have not demonstrated that they can actually carry out their threats.

Furthermore, even if the threats are real, who is to say that paying the extorted amount now won't just cause the criminals to demand more in the future? Contacting the criminals is also unwise, why let them know that you received the email and are concerned?

Instead, make sure that you have DDoS protection in place. There are many firms that offer various forms of protection.

Inc.com:

 

« Social Media - 'Jargon-Busted'
Social Media & 21st-Century Warfare »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Computer Laboratory - University of Cambridge

Computer Laboratory - University of Cambridge

Computer security has been among the Laboratory’s research interests for many years, along with related topics such as cryptology

HID Global

HID Global

HID Global is a trusted leader in products, services and solutions related to the creation, management, and use of secure identities.

CyberDef

CyberDef

CyberDef is a consulting company specialising in cyber defence services for small and medium enterprises.

Thomas Miller Specialty

Thomas Miller Specialty

Thomas Miller Specialty is a commercial Managing General Agency providing specialty risks insurance including Cyber & e-crime insurance.

EmergIn Risk

EmergIn Risk

EmergIn Risk specializes in providing innovative insurance solutions for the global marketplace including solutions for complex Cyber Risks.

Greenbone Networks

Greenbone Networks

Greenbone Networks delivers a vulnerability analysis solution for enterprise IT which includes reporting and security change management.

Early Warning Services

Early Warning Services

Early Warning Services identity, authentication and payment solutions empower financial institutions to make confident decisions, enable payments and mitigate fraud.

Ntrepid

Ntrepid

Ntrepid products provide protection from web threats and enable organizations to safely conduct their online activities.

360 Total Security

360 Total Security

360 company is the largest provider of Internet and mobile security products in China.

Lineal Services

Lineal Services

Lineal supports clients in meeting their digital forensics, cyber security and eDiscovery needs by providing bespoke solutions to complex problems.

ditno

ditno

ditno uses machine learning to help you build a fully governed and micro-segmented network. Dramatically mitigate risk and prevent lateral movement across your organisation – all from one centralised

HMS Networks

HMS Networks

HMS stands for Hardware meets Software. Our technology enables industrial hardware to communicate and share information with software and systems.

Squad

Squad

Squad provides leading expertise to ensure protection against the most complex cyber threats. Combining the best practices of DevOps and Cybersecurity, we are committed to create a secured cyber space

FortKnoxster

FortKnoxster

FortKnoxster is a cybersecurity company within the Crypto & FinTech space. Our encryption technologies are blockchain integrated.

NI Cyber Security Centre

NI Cyber Security Centre

NI Cyber Security Centre works to make Northern Ireland cyber safe, secure and resilient for its citizens and businesses.

Rapifuzz

Rapifuzz

At Rapifuzz, our goal is to help organizations test and secure their APIs enabling trust, innovation and Seamless Secured Digital Experiences.