Fancy Lazarus is Active with Ransom DDoS Attacks

A cybercrime group, which is known for masquerading as various APT groups, is active again with targeted attacks on U.S. companies. It is a DDoS extortion group, and this time, it came back with similar threats as before.

What's new?


According to Proofpoint, Fancy Lazarus has been sending threatening, targeted emails about Ransom DDoS (RDDoS) attacks to multiple organizations. Previously, the group was active in a major campaign spotted in October 2020.
Most of the targeted organizations in the recent attacks are found to be operating in multiple sectors such as energy, insurance, financial, public utilities, retail, and manufacturing.
The group is demanding a starting ransom of 2 BTC (currently valued at $75,000) to avoid a DDoS attack.
The extortion price doubles to 4 BTC after the specified deadline and increases by 1 BTC every day after that. In addition, most of these targets are found to be based in the U.S.
It’s hard to make a definitive connection; however, the timing of Fancy Lazarus campaigns is similar to that of high-profile ransomware attacks that happened in the past six months in the same industries.

The RDDoS attack


The attackers threaten the victim with a DDoS attack in seven days if the latter doesn’t pay up, and warn of potential damage to reputation. The group threatens to launch a small DDoS attack with an attack speed of 2 Tbps.
The extortion emails are sent as plain text, as HTML, or as a letter in a JPG image, likely to avoid detection. Additionally, such emails are often sent to the help desk, administrative contacts, or customer service.
These ..
