This website uses cookies in order to improve its ease of use. You accept this by continuing to use of the website. You can find more information on cookies and their deactivation here.

New Round of DDoS Blackmailing by XMR-Squad (allegedly)

05/03/2017        Threat Landscape
New Round of DDoS Blackmailing by XMR-Squad (allegedly)

Many companies in Germany and Switzerland have received blackmail threats in the name of XMR-Squad since Monday (May 1, 2017). The Link11 Security Operation Center (LSOC) have been monitoring developments closely. The criminal group was recently in the news with its DDoS attacks on Hermes and DHL, but attention quickly dissipated. According to initial analysis, the LSOC assumes that this latest round of blackmailing is the work of copycats.

The method and appearance of the perpetrators in this later round differ in certain key aspects from those seen in the incidents between April 19 and April 26, 2017. The LSOC has released the following summary of the particulars as follows:

  • In the first round of extortion, the perpetrators said that their demands were "testing fees" for checking the victims' protection against DDoS attacks. The latest round no longer makes this claim; instead, even the subject line speaks of a "Ransom request."
  • The text of the emails has been largely copied from previously published blackmail attempts in the name of the Armada Collective. One of the new emails allegedly sent by the XRM-Squad can be read here. <Add link>
  • Secondly, the XRM-Squad started a first wave of DDoS attacks and only then sought contact with its victims. There have been no demo attacks in this current round of incidents. As with extortion outfits such as the Borya Collective, RedDoor, and Caremini, the perpetrators could have tried to extort payments by Bitcoin merely with the threat of such attacks.
  • The ransom demands in the current round are between 3 and 10 Bitcoin (about €4,000 to €13,000 as of May 2, 2017), well above the €250 that XMR tried to extort from its victims earlier in April.

XMR-Squad would not be the first extortion group to be imitated. It has become very popular to copycat the Armada Collective or Lizard Squad. Armada Collective first appeared in October 2015. There have since been repeated attempts at DDoS extortion in Germany and Switzerland under this name. Lizard Squad gained international fame with its DDoS attacks on the Xbox and Playstation networks on Christmas 2014.

The LSOC is in contact with many of the companies contacted by XMR-Squad and will closely monitor events as they unfold. It is still unclear whether the perpetrators will actually implement the DDoS attacks of up to 500 Gbps as announced.

Back to Overview

Current articles

Threat Landscape: Reflection Amplification Vectors: a Chronology

Cyber Security: ​How AI and Automation are Fueling the Next Generation of Web Application Firewalls (WAFs)

Threat Landscape: How To Protect Your Business Website from Bad Bots

Cyber Security: Why Automation and AI are Critical in DDoS Mitigation

Press: Link11 presents its Partner Program

Press: Link11 and Infinigate Partner on Cloud-Based Cyber Protection in Sweden

Stay updated on current DDoS reports, warnings, and news about IT security, cybercrime and DDoS protection.

Submit

Stay up to date!

Subscribe to the Link11 blog about the company, it security, and cybercrime.

Submit

Categories

Link11GmbH​

Follow Link11 on Twitter

07/02/2020 17:00

In case you missed the live webinar on the “new zero outage era”, make sure to catch up here. #cybersecurity

9 Retweets   2

Read More
06/30/2020 13:41

RT @MarcWilczek: Cyber breaches are no longer an ‘if’ scenario but rather a ‘when’ scenario, costing - on average - a stunning $116 million…

7 Retweets   0

06/26/2020 09:48

How AI and Automation are Fueling the Next Generation of Web Application Firewalls (WAFs) #cybersecurity

8 Retweets   4

Read More
06/25/2020 13:10

RT @MarcWilczek: New research: The average cost of a #databreach equal $116 million. Sensitivity of customer information and time-to-detect…

7 Retweets   0

06/24/2020 14:51

Interesting read on observations regarding DDoS attack traffic: #cybersecurity #cybercrime #cyberresilience #DDoS

14 Retweets   5

Read More
06/24/2020 10:24

RT @MarcWilczek: #Cybercrime is booming like never before and poised to hit a mind-blowing $6 trillion in revenue by 2021. Whether it's abo…

5 Retweets   0

06/18/2020 12:11

You want to know how to succeed in the new zero outage era? Then join us for our free webinar and find out about cu…

4 Retweets   4

Read More
06/17/2020 14:39

RT @EduardMeelhuyse: When we thought the worst was behind us, this massive #DDoSAttack is hitting major organizations. #CyberSecurity #DDoS

6 Retweets   0

06/03/2020 14:47

RT @MarcWilczek: 9 Reasons Why #Cybercrime Keeps Increasing #CyberSecurity #ITSecurity #databreach @Link11GmbH #DDoS #DevSecOps https://t.…

4 Retweets   0

05/28/2020 10:29

RT @MarcWilczek: Iceberg ahead: The biggest #DDoS attack mitigated in 2019 by @Link11GmbH peaked at 724 Gbps. Even for large enterprises us…

3 Retweets   0

05/27/2020 16:02

Want to know more about reflection amplification vectors? #cybersecurity #DDoS #ITSecurity https://t.co/er19ygJ8gY

1 Retweets   1

Read More
05/26/2020 14:29

We are very excited to announce our new #partnership with Swedish IT security distributor #Infinigate Sverige AB.…

1 Retweets   1

Read More