Another wave of DDoS extortion by Fancy Lazarus
Warning of acute ransom DDoS attacks against companies across Europe and North America carried out in the name of Fancy Lazarus.
The Link11 Security Operations Center (LSOC) has recently observed a sharp increase in Ransom Distributed Denial of Service (RDDoS or RDoS) attacks. Companies from various economic sectors are receiving extortion emails, sent under the name Fancy Lazarus, that demand 2 bitcoins (currently around 66,000 euros): “It's a small price for what will happen when your whole network goes down. Is it worth it? You decide!”, the extortionists argue in their email. So far, the LSOC has received reports of RDoS attacks from several European countries such as Germany and Austria as well as from the USA and Canada.
Procedure of the DDoS extortionists
The perpetrators research the company's IT infrastructure in advance and state clearly in the extortion email which servers and IT elements they will target in the warning attacks. As leverage, the attackers launch demo attacks that sometimes last several hours and are characterized by high volumes of up to 200 Gbps. To reach these attack bandwidths, the perpetrators use reflection amplification vectors such as DNS. If the demands are not met, the company is threatened with massive high-volume attacks of up to 2 Tbps. The company has 7 days to transfer the bitcoins to a specific Bitcoin wallet. The email also states that the ransom will increase to 4 bitcoins once the payment deadline expires and by one further bitcoin with every additional day. In some cases, the announced attacks do not take place after the ultimatum has expired. In other cases, the extorted companies suffer considerable disruption.
Alleged perpetrators have made headlines around the world
The perpetrators are no strangers. In autumn 2020, payment providers, financial service providers and banks all over the world were blackmailed with an identical extortion letter and hit with RDoS (Ransom Denial of Service) attacks. Hosting providers, e-commerce providers and logistics companies were also targeted by the extortionists. At that time they operated under the names Lazarus Group and Fancy Bear or passed themselves off as the Armada Collective. The outages at the New Zealand stock exchange, which lasted several days, are also attributed to the perpetrators.
The renewed wave of extortion hits many companies at a time when a large part of the workforce is still working remotely and depends on unrestricted access to the company network. Marc Wilczek, Managing Director of Link11: “The express digitization that many companies have gone through in the past months of the pandemic is often not yet 100% secured against attacks. The attack surfaces have risen sharply, and IT is not sufficiently hardened. The perpetrators know exactly how to use these open flanks.”
About Link11
Link11 is the leading European IT security provider in the field of cyber resilience, with headquarters in Germany and worldwide locations in Europe, North America, Asia and the Middle East. The cloud-based security services are fully automated, react in real time and repel all attacks, both known and new patterns, guaranteed in less than 10 seconds. According to the unanimous opinion of analysts (Gartner, Forrester), Link11 offers the fastest detection and defense (TTM) available on the market. The Federal Office for Information Security (BSI) identifies Link11 as a qualified DDoS protection provider for critical infrastructures.