Cyber Criminals Threaten DDoS Attacks

… And email demands payment or criminals will take companies and their websites offline

Various website and cybersecurity administrators received emails over the past few days demanding that they pay one-fifth of a Bitcoin (currently about $780) in exchange for not facing a Distributed Denial of Service attack that would make their sites inaccessible to the public.

The emails - sent by a party calling itself "Phantom Squad" - appear to have been sent to hundreds, if not thousands, of companies worldwide.

The email demands that the recipient "FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION!" and notes that the recipient's "network will be DDoS-ed starting Sept 30st 2017" if the firm does not satisfy the criminals' demand in advance.

It also notes that the price for terminating the attack once it starts will be 20 Bitcoin (about $78,000), going up by 10 Bitcoin ($39,000) per day until the fee is paid.

At this point, it is hard to know if the person or people behind the emails are the same as the party that launched various DDoS attacks in the past for which "Phantom Squad" has claimed responsibility. It could be the same party, or it could be someone leveraging the name to scare organizations into paying up.

In fact, anecdotally speaking, it seems that whoever is behind the present extortion attempts may not have the capabilities to deliver on his or her threat; typically, when someone threatens to carry out a DDoS attack, he or she will demonstrate possession of the relevant capabilities (by greatly increasing the traffic to the target site for a short period of time) before making a demand.
 
In the present case, however, the criminal(s) involved have apparently not demonstrated any prowess. Likewise, the lack of specific targets seems unusual for a DDoS threat. Furthermore, the present extortion email is not a new form of threat - it is similar in nature and content to prior threats, including some seen for several months last year that were signed by "Armada Collective."

That said, there have been criminal groups (for example, DD4BC) that did follow through on threats of an attack when extortion demands were not met.

What should you do if you received the email?

Do not pay the criminals anything!

As alluded to above, there is good reason to believe that you will not suffer any adverse consequences: the threats have been sent to an unusually large number of unrelated parties and the criminals have not demonstrated that they can actually carry out their threats.

Furthermore, even if the threats are real, who is to say that paying the extorted amount now won't just cause the criminals to demand more in the future? Contacting the criminals is also unwise: why let them know that you received the email and are concerned?

Instead, make sure that you have DDoS protection in place. There are many firms that offer various forms of protection.

Inc.com:

 
