Last week one of our Enterprise customers reported that they had received an email threatening them with a DDoS attack on their allegedly vulnerable servers unless one bitcoin (about US$600) was paid to the sender. Furthermore, to force a greater sense of panic, the email also threatened to spread nasty ransomware on their network.
The extortionary email resembled the following:
It turns out that this so-called "Armada Collective" group has made similar ransom demands in the past, and to date the threat has always turned out to be fake. No actual DDoS attack has yet been reported by the Enterprise customer who received the aforementioned threat or by any of our other customers.
Of course, there are real-world examples of DDoS attacks that target businesses, but the attackers’ modus operandi is typically different from that described above. Historically, many DDoS attacks have taken place without prior warning and without a ransom demand.
If any of our customers or any other businesses receive threatening messages of the form shown above, we recommend that you do not panic, as there is no proof of an actual attack by these scaremongering cyber criminals disguised as “Armada Collective”. There is certainly no need to pay the ransom demanded. Instead, we recommend that you implement adequate boundary-level protection for your servers and network, and assess and pen-test the servers so that potential vulnerabilities are identified and mitigated ASAP.
Image courtesy of newspeechtopics.com
K7 Threat Control Lab