Akamai experts have warned of a new wave of DDoS ransomware. Blackmailers threaten companies with DDoS attacks and pretend to be well-known hacker groups such as the Fancy Bear and the Armada Collective.
According to experts, ransomware attacks began about a week ago, and they are targeting all areas, including the financial sector and retail sales. Similarly to the DDoS ransomware of the previous years, attackers contact companies and warn them of an impending DDoS attack that would happen if the victim company does not pay the ransom.In some cases, attackers also write that ransomware needs to be kept secret, otherwise they threaten to launch a DDoS attack immediately.
“If you report this to the media and try to get free advertising using our name instead of paying, the attack will start immediately and will last for a very long time”, — warn attackers that pretend to be Armada Collective.
The group calling itself the Armada Collective is demanding a ransom of 5 BTC (or 10 BTC after the scheduled time). Hackers warn that the amount will increase by 5 BTC per day until the ransom is paid.
In turn, the attackers, who call themselves Fancy Bear, demand 20 BTC as a ransom (or 30 BTC after the scheduled time). After that, the amount will increase by 10 BTC every day.
Moreover, in the messages, the blackmailers claim that they are capable of arranging DDoS attacks with a capacity of up to 2 Tbit/s.
These groups are, of course, just copycats and have nothing to do with the real Fancy Bear and the Armada Collective. These criminals use the reputation of well-known hack groups only as a means of intimidation, so that victims are more willing and faster to pay ransom. In fact, these hackers may be unable to launch even a weak DDoS attack”, – say Akamai experts.
Let me remind you that the extortionist group Armada Collective was known about five years ago (in 2015-2016) and has many imitators that exploited its name to intimidate victims.
In turn, Fancy Bear (aka APT28, Strontium, Pawn Storm, Sofacy, and so on) is a well-known and still active Russian-speaking hack group that researchers have long associated with the Russian intelligent services, namely the 85th main center the GRU special service.
Microsoft cybersecurity specialists said that hackers from Fancy Bear attacked anti-doping organizations after it became clear that many Russian athletes use doping. Microsoft also warned that Fancy Bear cybercriminals are attacking IoT devices to deploy on corporate networks.
