Apparent copycats have begun using the Armada Collective name; one early tactic involved attempted extortion of about $7.2 million from three Greek banks.
DD4BC: This cybercriminal group, whose name is an acronym for “distributed denial of service for Bitcoin,” started launching Bitcoin extortion campaigns in mid-2014. Initially targeting the online gambling industry, DD4BC has since broadened targets to include financial services, entertainment and other high-profile companies, Radware claims.
ezBTC Squad: Instead of using email messages, this group of cybercriminals is using Twitter as the vehicle for delivering itsRDoS threats. Others are following suit.
Kadyrovtsy: Named after the elite forces of the Kadyrov administration in Chechnya, Radware says this is one of the newest groups to emerge on the RDoS scene. It recently threatened two Polish banks and a Canadian media company. The group even launched demo assaults (15G-20Gbps) to prove its competence, much like the Armada Collective.
RedDoor: RedDoor issued its first threats in March 2016. Per the “standard,” these criminals use an anonymous email service to send messages demanding a ransom of 3 Bitcoin. Targeted businesses have just 24 hours to wire the payment to an individual Bitcoin account.
Beware the Copycats: “Copycats” are compounding the RDoS headaches, Radware reports. These players are issuing fake letters—hoping to turn quick profits with minimal effort. Here are some tips to detect a fake ransom letter:
- Assess the request. The Armada Collective normally requests 20 Bitcoin. Other campaigns have been asking for amounts above and below this amount. Fake hackers typically request different amounts of money. In fact, low Bitcoin ransom letters are most likely from fake groups who are hoping their price is low enough for someone to pay rather than seek help from professionals.
- Check the network. Real hackers prove their competence by running a small attack while delivering a ransom note. If there is a change in network activity, the letter and the threat are probably genuine.
- Look for structure. Real hackers are well organised. Fake hackers, on the other hand, don’t link to a website, and they lack official accounts.
- Consider other targets. Real hackers tend to attack many companies in a single sector. Fake hackers are less focused, targeting anyone and everyone in hopes of making a quick buck.
Sign up for CIO Asia eNewsletters.