April 26, 2016

DDoS Extortionists Make $100,000 Without DDoS Attacks

In a clear indicator of the lengths to which companies will go to protect themselves from service outages caused by DDoS attacks, it has been revealed that extortionists have made over $100,000 simply by blackmailing organizations with the threat of DDoS attacks, without actually carrying them out.

In a new blog post, prominent DDoS protection provider CloudFlare reports that a gang of cybercriminals purporting to be the infamous DDoS extortion group Armada Collective has made away with hundreds of thousands of dollars in extortion payments.

Over 100 businesses around the world have been targeted with emails that contain a threat and a ransom demand of between 10 and 50 bitcoins (approximately $4,600 – $23,000).

“If you don’t pay [by the date], attack will start, yours service down down permanently [and] price will increase to 20 bitcoins from the first of the first ransomware threat,” the threat read while adding for good measure, “This is not a joke.”

While several bitcoin companies gave in and paid the demands, CloudFlare found multiple victims who were targeted during the same period and asked to send the same amount to the same bitcoin address. As Bitcoin is anonymous, there is no way for the attacker to tell those who paid the demands apart from those who have not.


An analyst from Bitcoin analysis firm Chainalysis, after studying the payments sent to the bitcoin addresses, revealed that victims had sent more than $100,000 to the attackers' bitcoin addresses.

Following its own investigation, CloudFlare found no evidence that any DDoS attack had taken place as a result of the threats. Many of the original members of the Armada Collective are currently imprisoned in Europe.

The original Armada Collective attackers routinely deployed attacks of up to 60 Gbps, although they claimed to have the ability to generate attacks of over 500 Gbps.

CloudFlare adds that not all DDoS extortion threats are empty. Without naming any, the service insists that there are other groups that do follow through on their threats to launch attacks.
