Cyber Criminals Threaten DDoS Attacks

… And email demands payment or criminals will take companies and their websites offline

Various website and cybersecurity administrators received emails over the past few days demanding that they pay one-fifth of a Bitcoin (currently about $780) in exchange for not facing a Distributed Denial of Service attack that would make their sites inaccessible to the public.

The emails - sent by a party calling itself "Phantom Squad" - appears to have been sent to hundreds, if not thousands, of companies worldwide.

The email demands that the recipient "FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION!" and notes that the recipient's "network will be DDoS-ed starting Sept 30st 2017" if the firm does not satisfy the criminals' demand in advance.

It also notes that the price for terminating the attack once it starts will be 20 Bitcoin (about $78,000), going up by 10 Bitcoin ($39,000) per day until the fee is paid.

At this point, it is hard to know if the person or people behind the emails are the same as the party that launched various DDoS attacks in the past for which "Phantom Squad" has claimed responsibility. It could be the same party, or it could be someone leveraging the name to scare organizations into paying up.

In fact, anecdotally speaking, it seems that whoever is behind the present extortion attempts may not have the capabilities to deliver on his or her threat; typically, when someone threatens to carry out a DDoS attack, he or she will demonstrate possession of the relevant capabilities (by greatly increasing the traffic to the target site for a short period of time) before making a demand.
 
In the present case, however, the criminal(s) involved have apparently not demonstrated any prowess. Likewise, the lack of specific targets seems unusual for a DDoS threat. Furthermore, the present extortion email is not a new form of threat - it is similar in nature and content to prior threats, including some seen for several months last year that were signed by "Armada Collective."

That said, there have been criminal groups (for example, DD4BCm) that did follow through on threats of an attack when extortion demands were not met.

What should you do if you received the email?

Do not pay the criminals anything!

As alluded to above, there is good reason to believe that you will not suffer any adverse consequences: the threats have been sent to an unusually large number of unrelated parties and the criminals have not demonstrated that they can actually carry out their threats.

Furthermore, even if the threats are real, who is to say that paying the extorted amount now won't just cause the criminals to demand more in the future? Contacting the criminals is also unwise, why let them know that you received the email and are concerned?

Instead, make sure that you have DDoS protection in place. There are many firms that offer various forms of protection.

Inc.com:

 

« Social Media - 'Jargon-Busted'
Social Media & 21st-Century Warfare »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

VMworld

VMworld

VMworld is a global conference for virtualization and cloud computing, including associated security issues.

JumpCloud

JumpCloud

JumpCloud's Directory-as-a-Service (DaaS) is the single point of authority to authenticate, authorize, and manage the identities of a business’s employees and the systems and IT resources they need.

Intrinsic-ID

Intrinsic-ID

Intrinsic-ID's authentication technology creates unique IDs and keys to authenticate chips, data, devices and systems.

International Association of Professional Security Consultants (IAPSC)

International Association of Professional Security Consultants (IAPSC)

Members of the IAPSC represent a unique group of respected, ethical and competent security consultants.

TSUNAMI

TSUNAMI

The TSUNAMi center focuses on software and system security and how trustworthy software can be built from COTS software components.

TokenOne

TokenOne

TokenOne is a Cyber Security software company that makes it easy to replace passwords, tokens and other forms of authentication with a more secure solution.

Monegasque Digital Security Agency (AMSN)

Monegasque Digital Security Agency (AMSN)

AMSN is the national authority in charge of the security of information systems in Monaco.

Trustonic

Trustonic

Trustonic is a leader in the device security market. Our mission is to protect apps, secure devices & enable trust.

German Israeli Partnership Accelerator (GIPA)

German Israeli Partnership Accelerator (GIPA)

GIPA is based on two pillars: it is an incubator aimed at young academics and a program to transfer cybersecurity expertise to corporate partners.

SOSA

SOSA

SOSA facilitates new growth opportunities by connecting the dots between industry verticals and innovation ecosystems around the world.

Pivot Technology School

Pivot Technology School

Pivot Tech offers Data Analytics, Software Development and Cyber Security training in boot camp style cohorts.

UK Cyber Cluster Collaboration (UKC3)

UK Cyber Cluster Collaboration (UKC3)

UKC3 has been launched to support Cyber Clusters and encourage greater collaboration across regions and nations of the UK.

PureSquare

PureSquare

PureSquare exist to empower people with simple solutions for their increasingly complex digital security & online privacy needs.

Sycope

Sycope

Sycope is focused on designing and developing highly specialised IT solutions for monitoring and improving network and application performance.

TeamT5

TeamT5

TeamT5 Inc. is a leading cybersecurity company dedicated to cyber threat research and solutions.

Sublime Security

Sublime Security

Sublime is an adaptive email security platform that combines best-in-class effectiveness with unprecedented visibility and control.