Armada Collective: DDoS Blackmailers Attack the Hosting Industry
Link11 is cautioning hosting providers to beware of a new wave of DDoS blackmail attacks by the Armada Collective. As recently as mid-August, attackers using the name Fancy Bear used DDoS attacks to put pressure on operators of critical infrastructure and financial services.
A fresh crop of blackmailers is now threatening companies in Europe with DDoS attacks. Hosting providers and data center operators in particular have received blackmail letters from a group called the Armada Collective. According to the Link11 Security Operations Center (LSOC), the threat to unprotected companies is real, as the perpetrators have already launched high-volume warning attacks at several Gbps. In exchange for a payment of 10 Bitcoins (98,000 Euro, as of 31.08.2020), they promise to stop the attacks against the IP addresses mentioned in the blackmailer's mail. If payment is not received, they threaten to launch attacks of up to 2 Tbps in bandwidth.
DDoS blackmail is a global phenomenon
It was only in mid-August that the LSOC registered a global wave of DDoS blackmail attacks against operators of critical infrastructure, especially in the financial sector. The perpetrators called themselves "Fancy Bear". The LSOC says it’s unclear whether Fancy Bear and Armada Collective are the same perpetrators. While the extortion letters differ in wording and the ransom amount, both senders use the same e-mail provider. The two groups have been linked to long-running DDoS attacks on the New Zealand Stock Exchange. They are also said to be responsible for blackmailing PayPal and MoneyGram.
Corona pandemic increases DDoS attack risk
Various groups claiming to be Armada Collective or Fancy Bear are using the names to make money. Some of them are professionals, others are just copycats. In light of the current incidents, the LSOC is emphasizing the concrete threat: the attacks, which are launched to show off the criminals’ technical attack capabilities, pose a grave threat to insufficiently protected companies. Link11 is advising blackmailed companies to take the situation seriously. They should quickly and decisively protect their IT infrastructure against DDoS attacks to avoid damage from online blackmailers.
Learn more about Link11 DDoS Mitigation
The danger posed by DDoS attacks has become even more acute because of the sharp increase in home-office work and telework during the Corona pandemic. Since many employees are now working full- or part-time in home offices, new digital targets have emerged. If, over the long term, employees stay at home everywhere and dial into their accustomed working environment via VPN servers, corporate IT will have new security challenges to deal with. Downtimes – for example, of VPN services – can cause large-scale production losses. Another wrinkle in the threat situation is that DDoS attacks can be used as a smokescreen for more extensive cyber-campaigns. Only recently, the car manufacturer Tesla was the target of a ransomware campaign that was successfully thwarted by the US law enforcement authorities. The accused admitted that they wanted to use a DDoS attack as a smokescreen tactic.
In the Link11 DDoS Report for the first half of 2020, Link11’s security experts summarize the new threats facing companies and their accelerated digital transformation plans in the era of Covid-19.
Current articles
Stay updated on current DDoS reports, warnings, and news about IT security, cybercrime and DDoS protection.
Follow Link11 on Twitter
Allianz: More than 600 million Euros in losses due to Cyber-Extortion via #DDoS Attacks and #Ransomware.…
2 Retweets 0
Read MoreWhat does the end of the Privacy Shield means really for CDN users? Things have changed dramatically regarding data…
1 Retweets 2
Read MoreRT @CSOonline: How #DDoS attacks are evolving — Denial-of-service attacks have been part of the criminal toolbox for 20 years, and they’re…
8 Retweets 0
DDoS attacks and ransomware lead to increasing losses from cyber extortion. Our new blog article takes a detailed l…
3 Retweets 0
Read MoreRT @MarcWilczek: The average cost of a #databreach equals $116 million. Sensitivity of customer information and time-to-detection determine…
6 Retweets 0
Our COO Marc Wilczek takes a look at the current security situation and explains why the threat is not only omnipre…
3 Retweets 1
Read MoreRT @MarcWilczek: 639 #cybersecurity breaches at public comps analyzed, #malware (34%), #phishing (25%), & unauthorized access (20%) were th…
5 Retweets 0
RT @MarcWilczek: #Link11 keeps hiring and expanding. With great pleasure, I want to warmly welcome both Susan Herrmann and Peter Hoeld on b…
6 Retweets 0
Valentine's day is just around the corner! Our latest blog post takes a look at the challenges, threats and potenti…
3 Retweets 2
Read Morehttps://t.co/Z9lFjVwVs5 Fresh from the press. ⭐ With the acquisition of DOSarrest Internet Security LTD, we are loo…
2 Retweets 8
Read MoreA simple visualization of how the Underground Cybercrime Economy cashes in on data and DDoS attacks. To learn more,…
9 Retweets 10
Read More