Link11 warns: DDoS Extorters Stealth Ravens mean serious Business with Mirai Botnet
Since the end of January, a new DDoS extortion group using the alias Stealth Ravens has been active in Germany. The extortion mails it sends to ecommerce services are accompanied by warning attacks launched through a Mirai botnet. The Link11 Security Operation Center (LSOC) is warning online shop providers about DDoS attacks reaching more than 10 Gbps.
Frankfurt/M., 31.01.2017 – The new perpetrators, who call themselves Stealth Ravens, use the same extortion methods as the known groups Armada Collective, DD4BC and Kadyrovtsy but are far more aggressive than their predecessors. Within hours of receiving the extortion mail, in which the group demands 5 Bitcoins, the online shop finds itself under a warning attack.
How the Stealth Ravens operate
The LSOC has analyzed various extortion mails and the perpetrators' actions and has summarized the following information on the Stealth Ravens:
Origin: DDoS extortions by Stealth Ravens have only been known since around the middle of January 2017. How many perpetrators are acting behind the scenes and where they come from is still unknown.
Industry: The victims so far are ecommerce businesses of different sizes. Their product offerings include entertainment, household electronic devices and sanitation products.
Sender address: These differ from mail to mail, but they are all registered with anonymous email services.
Recipients: The perpetrators send their mails to neutral email addresses that are easy to find on the companies' websites.
Extortion mails: They are written in English and are very short and straightforward. Identical passages alternate with information and phrasing that is individualized from victim to victim. The texts are nevertheless not copied from DD4BC, Armada Collective or other well-known DDoS extorters. Instead of making blatant threats, Stealth Ravens announce a demonstration attack on specific servers.
Demonstration attack: As far as the LSOC has been able to determine, the announced warning attacks are actually carried out, and the perpetrators waste no time in initiating them. The attack bandwidths peak at around 15 Gbps. The perpetrators apparently have access to a Mirai botnet to execute their attacks.
Bitcoin address: The extorters give every victim an individual Bitcoin address.
Payment deadline: The extorted businesses have 72 hours on average to pay the ransom and buy themselves out of further DDoS attacks. If a business refuses to pay, the extorters threaten further attacks and a doubling of the ransom.
Warning on aggressive perpetrators
In the view of the LSOC, these extortion attempts by Stealth Ravens have to be taken very seriously. The DDoS protection experts recommend that every online shop activate its protection shields and inform its hosting provider about the extortion and the potentially imminent attacks.
Currently the Stealth Ravens are concentrating on the ecommerce industry in Germany. An expansion of their activities to other industries as well as other countries in Europe cannot be ruled out.
When the DDoS extorters execute their announced follow-up attacks on one of Link11's DDoS-protected clients, the LSOC will defend against them immediately by blocking the corresponding attacks. Afterwards, the security experts will concentrate on analyzing the attack information.