Fraudsters blackmail companies with DDoS attacks and impersonate Fancy Bear

ZDNet reported that unknown scammers are impersonating the Russian-speaking hacking group Fancy Bear and blackmailing financial sector organizations, threatening them with DDoS attacks. Companies in the entertainment and retail sectors were also victims of the extortion.

A reader told reporters about the blackmailers, and the information was soon confirmed by specialists from Link11 and Radware, companies that provide DDoS protection services.

“Attacks started last week and targeted the financial vertical. The group is launching large scale, multi-vector demo DDoS attacks when sending victims the ransom letter,” said Daniel Smith, a Radware ERT researcher.

A Link11 spokesman said the same thing, adding that the purpose of these demonstration attacks is to serve as an initial warning and intimidation factor to convince victims of the need for ransom payments.

Interestingly, unlike in other similar cases, the hackers' threats are not entirely groundless. Analysts confirm that the group is actually launching multi-vector demonstration DDoS attacks on companies when it demands a ransom from them.

“These demo attacks use a mixture of different protocols, including DNS, NTP, CLDAP, ARMS and WS-Discovery,” said Link11 specialist Thomas Pohle.

According to the ransom message that the cybercriminals send to their targets, the fake Russian hackers are demanding 2 Bitcoins, which equals approximately $15,000 at the current rate. If companies do not pay within a week, they are threatened with powerful and long-lasting DDoS attacks. So far, no such follow-up attacks have been recorded.

According to experts, the extortionists study and choose their targets in advance. According to Pohle, the DDoS attacks are aimed not at company websites but at their internal servers, which usually have no DDoS protection and suffer downtime as a result of such “close attention” from the criminals.

Researchers note that the ransom letters sent by the cybercriminals are almost identical to ransom messages used in 2017 by other scammers who also pretended to be Fancy Bear.

Recall that 2015-2017 could be called the heyday of DDoS extortion and of imitators of famous hacking groups. At that time, imitators impersonated the Armada Collective group, as well as such notorious groups as Anonymous, LulzSec, Hackers New World, Lizard Squad and Fancy Bear.

Ultimately, this activity practically stopped, as the blackmailers' victims realized that most of the extortionists did not have the “firepower” to carry out their threats and organize real DDoS attacks. Unlike those imitators, the attackers now pretending to be Fancy Bear seem to have a real botnet at their disposal, although its capabilities are still unclear.
James Brown

Technology news writer and part-time security researcher. Author of how-to articles related to Windows computer issue solving.
