Fraudsters blackmail companies with DDoS attacks and impersonate Fancy Bear

ZDNet reported that unknown scammers impersonate the Russian-speaking hacking group Fancy Bear and blackmail financial sector organizations, threatening them with DDoS attacks. Also victims of extortion were companies operating in the entertainment and retail business.

“Attacks started last week and targeted the financial vertical. The group is launching large scale, multi-vector demo DDoS attacks when sending victims the ransom letter”, — Daniel Smith, Radware ERT researcher said.

A Link11 spokesman said the same thing, adding that the purpose of these demonstration attacks is to serve as an initial warning and intimidation factor to convince victims of the need for ransom payments.

Interestingly, unlike other similar cases, the threats of hackers are not entirely groundless. Analysts confirm that the group is actually launching multi-vector DDoS demonstration attacks on companies when it requires a ransom from them.

“These demo attacks use a mixture of different protocols, including DNS, NTP, CLDAP, ARMS and WS-Discovery”, – said Link11 Specialist Thomas Pohle.

According to a ransomware message that cybercriminals send to their targets, fake Russian hackers are demanding 2 Bitcoins, which equals approximately $ 15,000 at the current rate. Otherwise, if companies do not pay within a week, they are threatened with powerful and long-term DDoS’s. So far, no such subsequent attacks have been recorded.

According to experts, extortionists study and choose their goals in advance. The fact is that, according to Paul, DDoS attacks are not aimed at company sites, but at their internal servers, which usually do not have protection against DDoS attacks and are idle as a result of such “close attention” from criminals.

Researchers note that ransom letters sent by cybercriminals are almost identical to other ransomware messages used by other scammers in 2017 who also pretended to be Fancy Bear.

Read also: More than half of industrial enterprises still use outdated OS

Recall that 2015-2017 could generally be called the heyday of extortive DDoS attacks and imitators of famous hack groups. For example, then imitators impersonated the Armada Collective group, as well as such notorious groups as Anonymous, LulzSec, Hackers New World, Lizard Squad and Fancy Bear.