A New Wave of DDoS Extortion Campaigns by Fancy Lazarus
Warning of acute ransom DDoS attacks against companies across Europe and North America on behalf of Fancy Lazarus
The Link11 Security Operations Center (LSOC) has recently observed a sharp increase in ransom distributed denial of service (RDDoS or RDoS) attacks. Enterprises from a wide range of business sectors are receiving extortion e-mails from the sender Fancy Lazarus demanding 2 Bitcoins (approx. 66,000 euros): "It's a small price for what will happen when your whole network goes down. Is it worth it? You decide!", the extortionists argue in their e-mail. So far, LSOC has received reports of RDoS attacks from several European countries, such as Germany and Austria, and the USA and Canada.
How the DDoS extortionists operate
The perpetrators gather information about the company's IT infrastructure in advance and provide clear details in the extortion e-mail about which servers and IT elements they will target for the warning attacks. To exert pressure, the attackers rely on demo attacks, some of which last several hours and are characterized by high volumes of up to 200 Gbps. To achieve these attack bandwidths, the perpetrators use reflection amplification vectors such as DNS. If the demands are not met, the contacted company is threatened with massive high-volume attacks of up to 2 Tbps. The organization has 7 days to transfer the Bitcoins to a specific Bitcoin wallet. The e-mail also states that the ransom would increase to 4 Bitcoin with the passing of the payment deadline and increase by another Bitcoin with each additional day. Sometimes, the announced attacks fail to materialize after the expiration of the ultimatum. In other cases, DDoS attacks cause considerable disruption to the targeted companies.
Suspected perpetrators already made headlines worldwide
The perpetrators are no unknowns. In the fall of 2020, payment providers, financial service providers, and banking institutions worldwide were blackmailed with an identical extortion target and hit with RDoS attacks. Hosting providers, e-commerce providers, and logistics companies were also the focus of the blackmailers, showing they target businesses indiscriminately. They also operated under the names Lazarus Group and Fancy Bear or posed as Armada Collective. The perpetrators are even credited with the New Zealand stock exchange outages at the End of August 2020, which lasted several days.
The new wave of extortion hits many companies when a large part of the staff is still organized via remote working and depends on undisrupted access to the corporate network.
Marc Wilczek, Managing Director of Link11: "The rapid digitization that many companies have gone through in the past pandemic months is often not yet 100% secured against attacks. The surfaces for cyber attacks have risen sharply, and IT has not been sufficiently strengthened. Perpetrators know how to exploit these still open flanks with perfect precision."
What to do in the event of DDoS extortion
As soon as they receive an extortion e-mail, companies should proactively activate their DDoS protection systems and not respond to the extortion under any circumstances. If the protection solution is not designed to scale to volume attacks of several hundred Gbps and beyond, it is important to find out how company-specific protection bandwidth can be increased in the short term and guaranteed with an SLA. If necessary, this should also be implemented via emergency integration.
LSOC's observation of the perpetrators over several months has shown: Companies that use professional and comprehensive DDoS protection can significantly reduce their downtime risks. As soon as the attackers realize their attacks are going nowhere, they stop them and let nothing more be heard of them.
LSOC advises attacked companies to file a report with law enforcement authorities. The National Cyber Security Centers are the best place to turn.
Stay updated on current DDoS reports, warnings, and news about IT security, cybercrime and DDoS protection.
Follow Link11 on Twitter
https://t.co/AtNMRQvCYI Did you know that 37,9% of internet traffic is made up of bots? Or that 20,4% of that amoun…
7 Retweets 6Read More
The Link11 360° degree DDoS Protection is... ➡️ Smarter: AI-based Whitelisting approach ➡️ Faster: Attack mitigati…
5 Retweets 4Read More
The European Organisation for Safety of Air Navigation revealed new cyber security statistics!…
1 Retweets 3Read More
➡️ Link11 Report discovers record number of DDoS attacks in first half of 2021. 1) DDoS at…
9 Retweets 7Read More
The European Union Agency for Cybersecurity (= ENISA) identified the most common cyber challenges/threats and issu…
5 Retweets 8Read More
⚠️ Have you been the target of a DDoS/ransomware attack, or even an extortion attempt? If this happens, don't worry…
3 Retweets 2Read More
https://t.co/a0lf7SPB37 Want to see more interesting facts, data and insights from the Cyber- & DDoS Attack threats…
15 Retweets 8Read More
❗ ️Warning: New wave of ransom DDoS attacks by Fancy Lazarus! Are you also affected? Don't worry, there are things…
6 Retweets 3Read More
Electronic Arts has suffered a big data breach resulting in hackers getting away with important source code for gam…
1 Retweets 1Read More
https://t.co/HqsAkp4Wk2 Are you passionate/curious about cybersecurity? Subscribe to our monthly Newsletter and sta…
7 Retweets 4Read More