A group of copycat cybercriminals that appear to be pretending to be affiliated with more notorious threat actors are sending extortion letters threatening distributed denial of service (DDoS) attacks.
According to a report published this week by the Security Intelligence Research Team (SIRT) at Akamai, letters are being sent by threat actors claiming to be part of well-known cybercriminal rings such as Fancy Bear and Armada Collective. However, Steve Ragan, a security researcher for Akamai, said an analysis of the letters suggests the groups sending these letters are attempting to increase fear and dread among their potential victims by citing affiliation with cybercriminals that already have established notorious reputations.
In the extortion demands purporting to be from Armada Collective seen by Akamai, the ransom starts at 5 bitcoin and increases to 10 if the deadline is missed, with a 5-bitcoin increase for each day thereafter. In the letters allegedly from Fancy Bear, the ransom starts at 20 bitcoin, and increases to 30 if the deadline is missed, with 10 bitcoins added each additional day.
The letters are far from idle threats. The individuals threatening to launch DDoS attacks unless their bitcoin ransomware demands are met are capable of launching DDoS attacks, noted Ragan. The letters identify targeted assets at the victim’s organization and promise a small “test” attack to prove the seriousness of the situation.
Akamai is also aware of one 50Gbps attack targeted a customer on Akamai’s network. The traffic consisted of a UDP-based, ARMS protocol reflection attack. The number of reflectors used is unknown at this time. Some of the ransom letters claim to be able to launch 2Tbps attacks.
Regardless, Ragan said Akamai does not advise organizations to pay a ransom ..
Support the originator by clicking the read the rest link below.
