Blackmailers threaten even though they have not yet had any DDoS attacks or (data) hostages: Blackmailers threaten financial companies and retailers with DDoS attacks if they do not pay. The blackmailers pose as one of the most notorious APT groups in the world in order to intimidate their victims.
In the past few weeks, cyber criminals have blackmailed organizations around the world with threats of distributed denial-of-service (DDoS) attacks, demanding thousands of dollars in bitcoins. The attackers targeted companies from the finance, travel and e-commerce sectors around the world. The ransom demands affect companies in the UK, United States and Asia Pacific.
According to ZDNet, the group is also behind a number of attacks against MoneyGram, YesBank, Braintree, Venmo and most recently against the New Zealand stock exchange, which had to cease trading for three days. In their ransom note, the blackmailers announce a "test attack" on certain resources to their victims in order to demonstrate the seriousness of their threat. The CDN service provider Akamai tracked the attacks and measured a bandwidth of almost 200 Gb per second in some DDoS attacks, compared to an attack previously directed at a customer "only" 50 Gb per second.
DDoS attacks as a threat
As part of their threat strategy, cybercriminals pose as notorious hacking groups such as Sednit (aka Fancy Bear) and Armada Collective. The activities of the former group have been the subject of extensive research by ESET.
The blackmailers contact their victims via email. They warn of an imminent DDoS attack if the ransom demanded is not paid in Bitcoin within a certain period of time. The ransom varies depending on which group of hackers you pretend to be. It ranges from 5 bitcoin (about $ 57.000) to 20 bitcoin ($ 227.000) and increases if the deadline is missed.
“Your reputation with your customers will be seriously damaged”
In order to increase the psychological pressure, the attackers describe the possible consequences: “... Your websites and related services will not be available to anyone. Please also note that this will seriously damage your reputation with your customers. [...] We will completely destroy your reputation and ensure that your services stay offline until you pay. (sic) “is an excerpt from a ransom note published by Akamai.
Indeed, reputational damage, in connection with downtime of websites and services, could cause loss of revenue in the millions for the companies concerned. But even if an affected company were to consider paying the ransom, it would have no guarantee that the hackers would stop their attacks afterwards; a quick payment could also lead to attacks on other companies.
Target protection against even stronger DDoS attacks
DDoS attacks, including extortionate ones, have been around for years. ESET security specialist Jake Moore advises organizations not to underestimate the threat: “It is clear that we should never take this threat lightly. Instead, we should now gear our protection towards even stronger DDoS attacks.
Find out more on the WeLiveSecurity blog at ESET.com
About ESET ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.