
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2016-06-27



DDoS Extortion - Almost Universally an Empty Threat

Published: 2016-06-27
Last Updated: 2016-06-27 22:04:04 UTC
by John Bambenek (Version: 1)

Last year saw the emergence of DDoS threats against financial websites (eventually broadened to others) under the DD4BC moniker. That eventually morphed into Armada Collective, both stopping around December of 2015 with the arrest of a minor in Central Europe. Starting in March, threatening emails from Armada Collective resumed, promising massive DDoS attacks if a ransom wasn't paid. Occasionally they would use booter services to deliver smaller attacks while threatening larger ones. Over at CloudFlare, there is a good write-up on the latest round of threats. The short answer is that these latest threats rarely even include the preceding attack; there is just someone spamming people with a bitcoin wallet and hoping to get paid (and unfortunately they are). The moral of the story is that the actors sending emails demanding ransom under threat of DDoS are rarely to be taken seriously. Don't pay.

--
John Bambenek
bambenek \at\ gmail /dot/ com
Fidelis Cybersecurity
