New Round of DDoS Blackmailing by XMR-Squad (allegedly)
Many companies in Germany and Switzerland have received blackmail threats in the name of XMR-Squad since Monday (May 1, 2017). The Link11 Security Operation Center (LSOC) has been monitoring developments closely. The criminal group was recently in the news with its DDoS attacks on Hermes and DHL, but attention quickly dissipated. According to initial analysis, the LSOC assumes that this latest round of blackmailing is the work of copycats.
The method and appearance of the perpetrators in this later round differ in certain key aspects from those seen in the incidents between April 19 and April 26, 2017. The LSOC has released the following summary of the particulars:
- In the first round of extortion, the perpetrators said that their demands were "testing fees" for checking the victims' protection against DDoS attacks. The latest round no longer makes this claim; instead, even the subject line speaks of a "Ransom request."
- The text of the emails has been largely copied from previously published blackmail attempts in the name of the Armada Collective. One of the new emails allegedly sent by the XMR-Squad can be read here.
- In the earlier round, the XMR-Squad started with a wave of DDoS attacks and only then sought contact with its victims. There have been no demo attacks in this current round of incidents. As with extortion outfits such as the Borya Collective, RedDoor, and Caremini, the perpetrators could be trying to extort Bitcoin payments merely with the threat of such attacks.
- The ransom demands in the current round are between 3 and 10 Bitcoin (about €4,000 to €13,000 as of May 2, 2017), well above the €250 that XMR tried to extort from its victims earlier in April.
XMR-Squad would not be the first extortion group to be imitated. Copycats very often pose as the Armada Collective or Lizard Squad. Armada Collective first appeared in October 2015. There have since been repeated attempts at DDoS extortion in Germany and Switzerland under this name. Lizard Squad gained international fame with its DDoS attacks on the Xbox and PlayStation networks at Christmas 2014.
The LSOC is in contact with many of the companies contacted by XMR-Squad and will closely monitor events as they unfold. It is still unclear whether the perpetrators will actually implement the DDoS attacks of up to 500 Gbps as announced.