Cyber Criminals Threaten DDoS Attacks

Uploaded on 2017-10-24 in FREE TO VIEW, GOVERNMENT-Law Enforcement, NEWS-Cybersecurity News

… And email demands payment or criminals will take companies and their websites offline

Various website and cybersecurity administrators received emails over the past few days demanding that they pay one-fifth of a Bitcoin (currently about $780) in exchange for not facing a Distributed Denial of Service attack that would make their sites inaccessible to the public.

The emails - sent by a party calling itself "Phantom Squad" - appears to have been sent to hundreds, if not thousands, of companies worldwide.

The email demands that the recipient "FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION!" and notes that the recipient's "network will be DDoS-ed starting Sept 30st 2017" if the firm does not satisfy the criminals' demand in advance.

It also notes that the price for terminating the attack once it starts will be 20 Bitcoin (about $78,000), going up by 10 Bitcoin ($39,000) per day until the fee is paid.

At this point, it is hard to know if the person or people behind the emails are the same as the party that launched various DDoS attacks in the past for which "Phantom Squad" has claimed responsibility. It could be the same party, or it could be someone leveraging the name to scare organizations into paying up.

In fact, anecdotally speaking, it seems that whoever is behind the present extortion attempts may not have the capabilities to deliver on his or her threat; typically, when someone threatens to carry out a DDoS attack, he or she will demonstrate possession of the relevant capabilities (by greatly increasing the traffic to the target site for a short period of time) before making a demand.
 
In the present case, however, the criminal(s) involved have apparently not demonstrated any prowess. Likewise, the lack of specific targets seems unusual for a DDoS threat. Furthermore, the present extortion email is not a new form of threat - it is similar in nature and content to prior threats, including some seen for several months last year that were signed by "Armada Collective."

That said, there have been criminal groups (for example, DD4BCm) that did follow through on threats of an attack when extortion demands were not met.

What should you do if you received the email?

Do not pay the criminals anything!

As alluded to above, there is good reason to believe that you will not suffer any adverse consequences: the threats have been sent to an unusually large number of unrelated parties and the criminals have not demonstrated that they can actually carry out their threats.

Furthermore, even if the threats are real, who is to say that paying the extorted amount now won't just cause the criminals to demand more in the future? Contacting the criminals is also unwise, why let them know that you received the email and are concerned?

Instead, make sure that you have DDoS protection in place. There are many firms that offer various forms of protection.

Inc.com:

 

« Social Media - 'Jargon-Busted'
Social Media & 21st-Century Warfare »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Internet Security Alliance (ISA)

Internet Security Alliance (ISA)

ISA is an international trade association providing thought leadership in advancing a sustainable system of cyber security.

ProPay

ProPay

ProPay provides secure payment solutions for organizations ranging from small businesses to large enterprises requiring complex payment solutions.

GuardiCore

GuardiCore

GuardiCore is an innovator in internal data center security and breach detection and is transforming security inside data centers and clouds.

Network Integrity Systems

Network Integrity Systems

Network Integrity Systems is a leader in network infrastructure security and offers solutions specifically developed for Government and Private Enterprise.

ThreatSpike Labs

ThreatSpike Labs

ThreatSpike Labs provides the first end-to-end fully managed security service for companies of all sizes.

Blake, Cassels & Graydon (Blakes)

Blake, Cassels & Graydon (Blakes)

Blakes is one of Canada’s top business law firms serving national and international clients in specialist areas including cyber security.

Leidos

Leidos

Leidos is a recognized leader in cybersecurity across the federal government, bringing more than a decade of experience defending cyber interests globally.

Lightspin

Lightspin

Lightspin is a contextual cloud security platform that continuously visualizes, detects, prioritized, and prevents any threat to your cloud stack.

Norma Inc.

Norma Inc.

Norma provides the secured wireless environment (WiFi and Bluetooth) with the unauthorized AP detection, and secures your IoT assets from various threats.

Internet Crime Complaint Center (IC3)

Internet Crime Complaint Center (IC3)

The Internet Crime Complaint Center provide the public with a reporting mechanism to submit information to the FBI concerning suspected Internet-facilitated criminal activity.

Noblis

Noblis

Noblis is a dynamic science, technology, and strategy organization dedicated to creating forward-thinking technical and advisory solutions in the public interest.

Graylog

Graylog

Graylog provides answers to your team’s security, application, and IT infrastructure questions by enabling you to combine, enrich, correlate, query, and visualize all your log data in one place.

Psybersafe

Psybersafe

Psybersafe is a hands-on, behaviour-changing training system that keeps your people and your business cyber safe.

AuthMind

AuthMind

Prevent your next identity-related cyberattack with the AuthMind Identity SecOps Platform. It works anywhere and deploys in minutes.

OpenAI

OpenAI

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity.

Defendis

Defendis

Defendis develops AI-powered cybersecurity solutions for Government Agencies, Banks, and Businesses, designed to helps them contain data leaks, minimise damage, and proactively hunt for new threats.