How Cloudflare CEO Matthew Prince unintentionally Boosts DDoS Ransom Mails

Just recently the US DDoS protection vendor Cloudflare has been criticized for protecting the sites of DDoS extorters. Now a new good meant blog post flooding the internet has caused copycats hoping for a fast buck to blackmail companies as well.

Frankfurt, April 29th 2016 – On April 25th 2016 Cloudflare’s CEO Matthew Prince issued a blog post about the apparent DDoS extorters Armada Collective in which he called their threats empty: Without attacking the extorters ran away with 100.000 USD.

Link11 has information that new extorters have emerged which have been influenced by the news of these ‘empty threats’ that has taken over the internet by storm. Now end of this week the first large e-commerce businesses in Germany with a sales volume of a triple-figure million value have received an extortion mail in the name of the well-known hacker group Lizard Squad. Reports show that this group has been active in the UK as well and sent extortion mails to businesses there. Here is a short excerpt from one of these mails:

"We are the Lizard Squad and we have chosen your website/network as target for our next DDoS attack. Please perform a google search for "Lizard Squad DDoS" to have a look at some of our previous "work". All of your servers will be subject to a DDoS attack starting at Tuesday the 3rd of May. ... We are willing to refrain from attacking your servers for a small fee. The current fee is 5 Bitcoins (BTC). The fee will increase by 5 Bitcoins for each day that has passed without payment."

Onur Cengiz, Head of LSOC:

“It is very unusual for Lizard Squad to sent out these kind of extortion mails. That is why we began with our research and have come to a surprising conclusion: The extortion mails have not been sent using anonymous mailing services. They were sent from a domain that has been only registered this week, or more precisely 2 days after the Cloudflare blog post, by a person located in Germany. This is contrary to anything we know about the professional hacker collective Lizard Squad and distinctively indicates the actions of copycats. In the aftermath of the blog posting of Matthew Prince, who said that the new Armada Collective was nothing more than empty threats, these new extorters looked for a name that stands for one of the most famous and powerful groups the media has reported on."

Copycats have been encouraged by the Cloudflare news to blackmail companies as well believing to easily receive money by just sending out ransom mails. Nevertheless despite of recent news on empty threats every extortion mail has to be taken more than serious. Every affected business should inform the authorities and initiate precautions immediately.