New Round of DDoS Blackmailing by XMR-Squad (allegedly)
Many companies in Germany and Switzerland have received blackmail threats in the name of XMR-Squad since Monday (May 1, 2017). The Link11 Security Operation Center (LSOC) has been monitoring developments closely. The criminal group was recently in the news with its DDoS attacks on Hermes and DHL, but attention quickly dissipated. According to initial analysis, the LSOC assumes that this latest round of blackmailing is the work of copycats.
The method and appearance of the perpetrators in this later round differ in certain key aspects from those seen in the incidents between April 19 and April 26, 2017. The LSOC has released the following summary of the particulars:
- In the first round of extortion, the perpetrators said that their demands were "testing fees" for checking the victims' protection against DDoS attacks. The latest round no longer makes this claim; instead, even the subject line speaks of a "Ransom request."
- The text of the emails has been largely copied from previously published blackmail attempts in the name of the Armada Collective. One of the new emails allegedly sent by the XMR-Squad can be read here.
- The XMR-Squad originally started with a first wave of DDoS attacks and only then sought contact with its victims. There have been no demo attacks in this current round of incidents. As with extortion outfits such as the Borya Collective, RedDoor, and Caremini, the perpetrators may have tried to extort payments in Bitcoin merely with the threat of such attacks.
- The ransom demands in the current round are between 3 and 10 Bitcoin (about €4,000 to €13,000 as of May 2, 2017), well above the €250 that XMR tried to extort from its victims earlier in April.
XMR-Squad would not be the first extortion group to be imitated. Imitating the Armada Collective or Lizard Squad has become very popular. Armada Collective first appeared in October 2015. There have since been repeated attempts at DDoS extortion in Germany and Switzerland under this name. Lizard Squad gained international fame with its DDoS attacks on the Xbox and PlayStation networks at Christmas 2014.
The LSOC is in contact with many of the companies contacted by XMR-Squad and will closely monitor events as they unfold. It is still unclear whether the perpetrators will actually implement the DDoS attacks of up to 500 Gbps as announced.