Warning against aggressive DDoS blackmail group XMR-Squad
Following the recent DDoS blackmailing in the name of Stealth Ravens targeting German companies in late January, perpetrators acting under the name of XMR-Squad are now asking for 250 euros for testing (DDoS) protection.
The Link11 Security Operation Center (LSOC) is warning that since Wednesday, 04/19/2017, a new group named XMR-Squad has been extorting German companies with DDoS attacks. Victims include DHL, Hermes, AldiTalk, Freenet, Snipes.com, as well as the State Bureau of Investigation Lower Saxony and the state of North Rhine-Westphalia. The perpetrators are similar to the already-known DD4BC, Kadyrovtsy, and Stealth Ravens blackmail groups and are putting pressure on their victims with demonstration attacks. They declare their claims of protection to be “testing DDoS protection.”
How XMR-Squad works
The perpetrators are trying to move into the public eye. In a telephone conversation and via email, they provided the journalist Mark Steier with important information. Steier summarized the information in his German blog post with the title “Ursache der Störung nun bekannt: DHL hatte einen DDOS-Angriff“ (in English “Cause of the disruption now known: DHL had a DDoS attack”) which emphasizes that the reason for the downtime of DHL was a DDoS attack. The LSOC exchanged additional information with Steier and together with him created a brief profile of the perpetrators.
Origin: DDoS blackmail by the hitherto unknown group have only been known since April 19, 2017. Based on the telephone conversation with the perpetrators, Steier assumes that the group has Russian roots.
Single perpetrator/group: By email and on Twitter, the hackers always refer to themselves in the plural.
Name of the perpetrators: XMR is the abbreviation for the decentralized crypto-currency Monero, which places a special focus on privacy.
Victims: The blackmailers are targeting companies from different sectors and different sizes in Germany without any recognizable logic or reason. Thus far, the LSOC is aware of DDoS attacks on the websites of Vodafone, Snipes, Freenet, Hermes, DHL, AldiTalk, and 3DSupply. In addition to the companies, according to the official website of the perpetrators, the State Bureau of Investigation Lower Saxony and the state of North Rhine-Westphalia were also attacked. Currently, XMR-Squad is still concentrating on companies and authorities in Germany. However, an expansion into other European countries can not be ruled out.
Web presence: The perpetrators post information about the (seemingly) successful DDoS attacks on Twitter and on their own hacker website xmr-squad.biz. Their online presence is protected by Cloudflare. In the past few months the American provider of DDoS protection has repeatedly been accused of offering protection for criminal activities as well by lack of examination of new customers.
Asking for protection money: What’s unique about XMR-Squad is that they communicate the attacks as a kind of penetration test and ask for 250 euros for the test: “we’re ‘checking’ your protection :=) & for this we just require € 250 win-win.” (Source: Twitter post). According to LSOC, the amount is relatively low. DDoS blackmailers usually demand an amount of 1 to 5 Bitcoin. According to today’s price, this corresponds to an amount of 1,100 to 5,700 euros.
DDoS tool: It is still unclear whether XMR-Squad has its own DDoS tool or whether the perpetrators commission the attacks with “DDoS-as-a-Service” vendors. However, it is certain that XMR-Squad’s DDoS attacks can have a great impact when they are able to overload the IT infrastructure of large logistics companies.
Warning against aggressive perpetrators
In the opinion of the LSOC, the blackmailing attempts of XMR-Squad must absolutely be taken seriously, but they should not be responded to. Instead of paying, Link11’s DDoS protection experts recommend to activate existing protection systems or take appropriate protection measures, as well as inform their hosting provider of the blackmail. In addition, companies that are attacked should report their complaints to law enforcement agencies. The Alliance for Cybersecurity provides an overview of the respective reporting points for cybercrime in the individual federal states.
Stay updated on current DDoS reports, warnings, and news about IT security, cybercrime and DDoS protection.
Follow Link11 on Twitter
❗ ️Warning: New wave of ransom DDoS attacks by Fancy Lazarus! Are you also affected? Don't worry, there are things…
3 Retweets 3Read More
Electronic Arts has suffered a big data breach resulting in hackers getting away with important source code for gam…
1 Retweets 1Read More
https://t.co/HqsAkp4Wk2 Are you passionate/curious about cybersecurity? Subscribe to our monthly Newsletter and sta…
7 Retweets 4Read More
Proven and robust cyber security can have a positive impact on a company's credit rating - or damage it if the impl…
2 Retweets 2Read More
DDoS attacks are no longer just more persistent and larger, but also significantly more complex. Without proven IT…
10 Retweets 4Read More
Mexico closes lottery websites to people from abroad due to ransomware DDoS threats: Even…
8 Retweets 3Read More
National security expert warns of cyberattacks on Australia's critical infrastructure and expects threat to be "imm…
3 Retweets 0Read More
According to current figures, around 500,000 employees are being sought in the field of cyber security in the US:…
3 Retweets 2Read More
The German BKA has published the Cybercrime Report 2020: ➡️ In 2020, 108,474 cyber-crime cases were recorded by the…
2 Retweets 2Read More