According to Akamai, these old dogs have some new tricks. And by new tricks, we mean new DDoS extortion threats.
This August, old cyber actors have returned with a string of malicious DDoS attacks. Or are they copycats?
Old actors, new threats
The names might sound strange to anyone outside the cybersecurity sphere, but Fancy Bear and Armada Collective are well-known bad actors.
And according to a recent Akamai report, they're back this August.
"They are currently targeting multiple sectors, including banking and finance, as well as retail. Akamai continues to monitor these malicious activities and will continue to protect customers from attacks."
Akamai's Security Intelligence Research Team (SIRT) has been investigating a series of DDoS extortion threats from entities claiming to be Fancy Bear and Armada Collective.
The attacks all start with an email. The actor warns of an impending DDoS attack unless the company pays a Bitcoin ransom.
"If you report this to media and try to get some free publicity by using our name, instead of paying, attack will start permanently and will last for a long time." — Armada Collective
"...your websites and other connected services will be unavailable for everyone. Please also note that this will severely damage your reputation among your customers. [...] We will completely destroy your reputation and make sure your services will remain offline until you pay." — Fancy Bear
The attackers focus on reputation and insist that the extortion demand remain private. Akamai believes the operators to be copycats attempting to leech off the notoriety of Armada Collective and Fancy Bear.
Here are the ransom prices from each attacker:
"In the extortion demands from Armada Collective seen by Akamai, the ransom starts at 5 BTC [Bitcoin] and increases to 10 BTC if the deadline is missed, with a 5 BTC increase for each day thereafter. Fancy Bear, on the other hand, starts at 20 BTC, and increases to 30 BTC if the deadline is missed, with an additional 10 BTC for each additional day."
What should you do if your organization receives an extortion letter?
"Akamai recommends that the ransom not be paid, as there is no guarantee the attacks will end. Moreover, paying ransom demands will only further finance the group perpetrating them."