One cybercriminal gang has resorted to a mafia-style protection racket to obtain money, although it would appear that businesses are being sent empty DDoS threats. While many companies have sent money to the criminal gang, which claims to be the Armada Collective, there is no evidence to suggest that the gang is following through on its threat of conducting a largescale Distributed Denial of Service attacks.
Empty DDoS Threats Still Proving Lucrative for Attackers
The gang has been sending emails to businesses threatening them with a powerful DDoS attack if they do not send protection money to the gang. The demands appear to range from 10 to 50 Bitcoin and over 100 organizations have given in to the attackers demands according to DDoS mitigation vendor CloudFlare. So far the gang has gathered around $100,000 in payments, yet no DDoS attacks have been conducted.
Armada Collective is the name of a hacking group already known to conduct massive DDoS attacks. The emails claim that the gang is able to deliver a DDoS attack in excess of 1 Tbps per second. The group also claims to be able to bypass security controls set up to protect against DDoS attacks. In case recipients of the email are in any doubt as to who the attackers are and what they are capable of, they are advised to conduct a search on Google. Armada Collective has been known to conduct DDoS attacks up to 500 Gbps.
Are the Latest Emails from a Copycat Group?
According to CloudFlare, it may not be a case of the hackers not having the capability to pull off a large scale DDoS attack on companies that do not pay, rather the attackers may not be able to tell who has paid and who has not. The emails are reusing Bitcoin addresses so there is no way of confirming which companies have paid. Emails are also being sent containing the same text and payment demands, regardless of the size of the organization.
However, the empty DDoS threats or not, many companies are unprepared to take the risk and have paid between $4,500 and $23,000 to stop the attacks.
CloudFlare suspects that the extortionists are not who they claim to be. The Armada Collective has not been conducting attacks for some time. CloudFlare researchers believe that the group has been operating under a different name – DD4BC. However, suspected members of that group have been arrested as part of Operation Pleiades last year – an International effort to bring down hacking groups that have been conducting DDoS attacks.
The group behind this campaign may well be imposters, although many hackers send out threats of DDoS attacks along with demands for payment. Some of those attackers are more than willing to follow through on the threats and have the capability to launch attacks.
It is never a good idea to give into attackers’ demands, but it is important to ensure that protections have been put in place to resist DDoS attacks and to seek advice before taking any action if an email demand is received.