Link11 warns: DDoS Extorters Stealth Ravens mean serious Business with Mirai Botnet
Since the end of January, a new DDoS extortion group using the alias Stealth Ravens has been active in Germany. Their extortion mails, received by ecommerce services, are accompanied by warning attacks carried out through a Mirai botnet. The Link11 Security Operation Center (LSOC) is warning online shop providers about DDoS attacks reaching more than 10 Gbps.
Frankfurt/M., 31.01.2017 – The new perpetrators, who call themselves Stealth Ravens, use the same extortion methods as the known groups Armada Collective, DD4BC and Kadyrovtsy, but are far more aggressive than their predecessors. In the hours after receiving the extortion mail, in which the group demands 5 Bitcoins, the online shop finds itself under a warning attack.
How the Stealth Ravens operate
The LSOC has analyzed various extortion mails and the perpetrators' behavior and has summarized the following information on the Stealth Ravens:
Origin: DDoS extortions by Stealth Ravens have only been known since around the middle of January 2017. How many perpetrators are actually acting behind the scenes and where they come from is still unknown.
Industry: The victims so far are ecommerce businesses of different sizes. Their product offerings range from entertainment and household electronic devices to sanitation products.
Sender address: These differ from mail to mail, but all of them are registered with anonymous email services.
Recipients: The perpetrators send their mails to the businesses via neutral email addresses that can easily be found on the companies' websites.
Extortion mails: They are written in English and are very short and straightforward. Identical passages are combined with individual information and phrasing that changes from victim to victim. The texts are, however, not copied from DD4BC, Armada Collective or other well-known DDoS extorters. Instead of making blatant threats, Stealth Ravens announce a demonstration attack on specific servers.
Demonstration attack: As far as the LSOC has been able to determine, the announced warning attacks are actually carried out. The perpetrators waste no time in launching them. The attack bandwidths peak at somewhere around 15 Gbps. Apparently the perpetrators have access to a Mirai botnet to execute their attacks.
Bitcoin address: The extorters give every victim an individual Bitcoin address.
Payment deadline: The extorted businesses have 72 hours on average to pay the ransom and buy themselves out of further DDoS attacks. If a business refuses to pay, the extorters threaten further attacks and a doubling of the ransom.
Warning on aggressive perpetrators
In the view of the LSOC, these extortion attempts by Stealth Ravens have to be taken very seriously. The DDoS protection experts recommend that every online shop activate its protection shields and inform its hosting provider about the extortion and potentially imminent attacks.
Currently the Stealth Ravens are concentrating on the ecommerce industry in Germany. An expansion of their activities to other industries as well as other countries in Europe cannot be ruled out.
If the DDoS extorters execute their announced follow-up attacks on one of Link11's DDoS-protected clients, the LSOC will defend the client immediately by blocking the corresponding attacks. Afterwards the security experts will concentrate on analyzing the attack information.